From bfb1202f83a36f086b69286060e7355777e83b61 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Mon, 30 Jul 2018 19:16:55 +0200
Subject: Find KPG algos a bit better in ECTesterStandalone.

---
 src/cz/crcs/ectester/reader/ECTesterReader.java | 1 -
 1 file changed, 1 deletion(-)

(limited to 'src/cz/crcs/ectester/reader/ECTesterReader.java')

diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java
index 4a7d779..7bdf0f1 100644
--- a/src/cz/crcs/ectester/reader/ECTesterReader.java
+++ b/src/cz/crcs/ectester/reader/ECTesterReader.java
@@ -94,7 +94,6 @@ public class ECTesterReader {
 
         DESCRIPTION = "ECTesterReader " + VERSION + GIT_COMMIT + ", a javacard Elliptic Curve Cryptography support tester/utility.";
         CLI_HEADER = "\n" + DESCRIPTION + "\n\n";
-        ;
     }
 
     private void run(String[] args) {
-- 
cgit v1.2.3-70-g09d2


From b6d6766fef9b73db70bda8b6b398128ba5a41ab2 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Sat, 11 Aug 2018 21:52:48 +0200
Subject: Add various ECDSA tests.

---
 src/cz/crcs/ectester/common/ec/EC_Category.java    |  21 +-
 src/cz/crcs/ectester/common/ec/EC_SigResult.java   |  65 +++++
 src/cz/crcs/ectester/common/util/CardUtil.java     |  17 ++
 src/cz/crcs/ectester/common/util/ECUtil.java       |   4 +
 src/cz/crcs/ectester/data/EC_Store.java            |  62 +++--
 src/cz/crcs/ectester/data/categories.xml           |   2 +-
 src/cz/crcs/ectester/data/cofactor/keys.xml        |   4 +-
 src/cz/crcs/ectester/data/composite/keys.xml       |   4 +-
 src/cz/crcs/ectester/data/degenerate/keys.xml      |   4 +-
 src/cz/crcs/ectester/data/invalid/keys.xml         |   4 +-
 src/cz/crcs/ectester/data/schema.xsd               |  29 ++-
 src/cz/crcs/ectester/data/test/keys.xml            |   4 +-
 src/cz/crcs/ectester/data/test/results.xml         |  84 +++----
 src/cz/crcs/ectester/data/twist/keys.xml           |   4 +-
 src/cz/crcs/ectester/data/wrong/keys.xml           |  16 ++
 src/cz/crcs/ectester/data/wrong/results.xml        | 140 +++++++++++
 src/cz/crcs/ectester/data/wycheproof/keys.xml      |   4 +-
 src/cz/crcs/ectester/data/wycheproof/results.xml   | 272 ++++++++++-----------
 src/cz/crcs/ectester/reader/ECTesterReader.java    |   8 +-
 .../ectester/reader/test/CardCofactorSuite.java    |  23 +-
 .../ectester/reader/test/CardInvalidSuite.java     |  21 +-
 .../ectester/reader/test/CardSignatureSuite.java   |  45 ++++
 .../crcs/ectester/reader/test/CardTwistSuite.java  |  18 +-
 src/cz/crcs/ectester/reader/test/CommandTest.java  |  19 ++
 24 files changed, 589 insertions(+), 285 deletions(-)
 create mode 100644 src/cz/crcs/ectester/common/ec/EC_SigResult.java
 create mode 100644 src/cz/crcs/ectester/data/wrong/keys.xml
 create mode 100644 src/cz/crcs/ectester/data/wrong/results.xml
 create mode 100644 src/cz/crcs/ectester/reader/test/CardSignatureSuite.java

(limited to 'src/cz/crcs/ectester/reader/ECTesterReader.java')

diff --git a/src/cz/crcs/ectester/common/ec/EC_Category.java b/src/cz/crcs/ectester/common/ec/EC_Category.java
index 9c65f3b..8c58159 100644
--- a/src/cz/crcs/ectester/common/ec/EC_Category.java
+++ b/src/cz/crcs/ectester/common/ec/EC_Category.java
@@ -116,11 +116,24 @@ public class EC_Category {
             out.append(System.lineSeparator());
         }
 
-        Map<String, EC_KAResult> results = getObjects(EC_KAResult.class);
-        size = results.size();
+        Map<String, EC_KAResult> kaResults = getObjects(EC_KAResult.class);
+        size = kaResults.size();
         if (size > 0) {
-            out.append(Colors.bold("\t\tResults: "));
-            for (Map.Entry<String, EC_KAResult> result : results.entrySet()) {
+            out.append(Colors.bold("\t\tResults(KA): "));
+            for (Map.Entry<String, EC_KAResult> result : kaResults.entrySet()) {
+                out.append(result.getKey());
+                size--;
+                if (size > 0)
+                    out.append(", ");
+            }
+            out.append(System.lineSeparator());
+        }
+
+        Map<String, EC_SigResult> sigResults = getObjects(EC_SigResult.class);
+        size = sigResults.size();
+        if (size > 0) {
+            out.append(Colors.bold("\t\tResults(SIG): "));
+            for (Map.Entry<String, EC_SigResult> result : sigResults.entrySet()) {
                 out.append(result.getKey());
                 size--;
                 if (size > 0)
diff --git a/src/cz/crcs/ectester/common/ec/EC_SigResult.java b/src/cz/crcs/ectester/common/ec/EC_SigResult.java
new file mode 100644
index 0000000..0595944
--- /dev/null
+++ b/src/cz/crcs/ectester/common/ec/EC_SigResult.java
@@ -0,0 +1,65 @@
+package cz.crcs.ectester.common.ec;
+
+import cz.crcs.ectester.common.util.CardUtil;
+
+/**
+ * A result of EC based Signature operation.
+ *
+ * @author Jan Jancar johny@neuromancer.sk
+ */
+public class EC_SigResult extends EC_Data {
+    private String sig;
+    private String curve;
+    private String signKey;
+    private String verifyKey;
+
+    private String desc;
+
+    public EC_SigResult(String sig, String curve, String signKey, String verifyKey) {
+        super(1);
+        this.sig = sig;
+        this.curve = curve;
+        this.signKey = signKey;
+        this.verifyKey = verifyKey;
+    }
+
+    public EC_SigResult(String id, String sig, String curve, String signKey, String verifyKey) {
+        this(sig, curve, signKey, verifyKey);
+        this.id = id;
+    }
+
+    public EC_SigResult(String id, String sig, String curve, String signKey, String verifyKey, String desc) {
+        this(id, sig, curve, signKey, verifyKey);
+        this.desc = desc;
+    }
+
+    public String getSig() {
+        return sig;
+    }
+
+    public byte getJavaCardSig() {
+        return CardUtil.getSig(sig);
+    }
+
+    public String getCurve() {
+        return curve;
+    }
+
+    public String getSignKey() {
+        return signKey;
+    }
+
+    public String getVerifyKey() {
+        return verifyKey;
+    }
+
+    public String getDesc() {
+        return desc;
+    }
+
+    @Override
+    public String toString() {
+        return "<" + getId() + "> " + sig + " result over " + curve + ", " + signKey + " + " + verifyKey + (desc == null ? "" : ": " + desc) + System.lineSeparator() + super.toString();
+    }
+
+}
diff --git a/src/cz/crcs/ectester/common/util/CardUtil.java b/src/cz/crcs/ectester/common/util/CardUtil.java
index a628d5b..e7b370c 100644
--- a/src/cz/crcs/ectester/common/util/CardUtil.java
+++ b/src/cz/crcs/ectester/common/util/CardUtil.java
@@ -14,6 +14,23 @@ import java.util.List;
  * @author Jan Jancar johny@neuromancer.sk
  */
 public class CardUtil {
+    public static byte getSig(String name) {
+        switch (name) {
+            case "SHA1":
+                return EC_Consts.Signature_ALG_ECDSA_SHA;
+            case "SHA224":
+                return EC_Consts.Signature_ALG_ECDSA_SHA_224;
+            case "SHA256":
+                return EC_Consts.Signature_ALG_ECDSA_SHA_256;
+            case "SHA384":
+                return EC_Consts.Signature_ALG_ECDSA_SHA_384;
+            case "SHA512":
+                return EC_Consts.Signature_ALG_ECDSA_SHA_512;
+            default:
+                return EC_Consts.Signature_ALG_ECDSA_SHA;
+        }
+    }
+
     public static byte getKA(String name) {
         switch (name) {
             case "DH":
diff --git a/src/cz/crcs/ectester/common/util/ECUtil.java b/src/cz/crcs/ectester/common/util/ECUtil.java
index 3c1f138..6c3ad58 100644
--- a/src/cz/crcs/ectester/common/util/ECUtil.java
+++ b/src/cz/crcs/ectester/common/util/ECUtil.java
@@ -210,4 +210,8 @@ public class ECUtil {
         ECPrivateKey privkey = new RawECPrivateKey(toScalar(kp), curve.toSpec());
         return new KeyPair(pubkey, privkey);
     }
+
+    public static byte[] toDERSignature(byte[] r, byte[] s) {
+        return ByteUtil.concatenate(new byte[]{0x30, (byte) (r.length + s.length + 4), 0x02, (byte) r.length}, r, new byte[]{0x02, (byte) s.length}, s);
+    }
 }
diff --git a/src/cz/crcs/ectester/data/EC_Store.java b/src/cz/crcs/ectester/data/EC_Store.java
index cb65402..3eaef27 100644
--- a/src/cz/crcs/ectester/data/EC_Store.java
+++ b/src/cz/crcs/ectester/data/EC_Store.java
@@ -203,27 +203,15 @@ public class EC_Store {
                 if (direct instanceof Element) {
                     Element elem = (Element) direct;
 
-                    Node id = elem.getElementsByTagName("id").item(0);
-                    Node ka = elem.getElementsByTagName("ka").item(0);
-                    Node curve = elem.getElementsByTagName("curve").item(0);
-                    Node onekey = elem.getElementsByTagName("onekey").item(0);
-                    Node otherkey = elem.getElementsByTagName("otherkey").item(0);
-
-                    NodeList descc = elem.getElementsByTagName("desc");
-                    String descs = null;
-                    if (descc.getLength() != 0) {
-                        descs = descc.item(0).getTextContent();
+                    NodeList ids = elem.getElementsByTagName("id");
+                    if (ids.getLength() != 1) {
+                        throw new SAXException("result no id?");
                     }
+                    String id = ids.item(0).getTextContent();
 
-                    EC_KAResult kaResult = new EC_KAResult(id.getTextContent(), ka.getTextContent(), curve.getTextContent(), onekey.getTextContent(), otherkey.getTextContent(), descs);
-
-                    InputStream csv = parseDataElement(dir, elem);
-                    if (!kaResult.readCSV(csv)) {
-                        throw new IOException("Invalid csv data. " + id.getTextContent());
-                    }
-                    csv.close();
+                    EC_Data result = parseResultlike(dir, elem);
 
-                    objMap.put(id.getTextContent(), kaResult);
+                    objMap.put(id, result);
                 } else {
                     throw new SAXException("?");
                 }
@@ -234,6 +222,44 @@ public class EC_Store {
         return new EC_Category(name, dir, desc, objMap);
     }
 
+    private EC_Data parseResultlike(String dir, Element elem) throws SAXException, IOException {
+        String tag = elem.getTagName();
+        Node id = elem.getElementsByTagName("id").item(0);
+
+        NodeList descc = elem.getElementsByTagName("desc");
+        String descs = null;
+        if (descc.getLength() != 0) {
+            descs = descc.item(0).getTextContent();
+        }
+
+        Node curve = elem.getElementsByTagName("curve").item(0);
+
+        EC_Data result;
+        if (tag.equals("kaResult")) {
+            Node ka = elem.getElementsByTagName("ka").item(0);
+            Node onekey = elem.getElementsByTagName("onekey").item(0);
+            Node otherkey = elem.getElementsByTagName("otherkey").item(0);
+
+            result = new EC_KAResult(id.getTextContent(), ka.getTextContent(), curve.getTextContent(), onekey.getTextContent(), otherkey.getTextContent(), descs);
+        } else if (tag.equals("sigResult")) {
+            Node sig = elem.getElementsByTagName("sig").item(0);
+            Node signkey = elem.getElementsByTagName("signkey").item(0);
+            Node verifykey = elem.getElementsByTagName("verifykey").item(0);
+
+            result = new EC_SigResult(id.getTextContent(), sig.getTextContent(), curve.getTextContent(), signkey.getTextContent(), verifykey.getTextContent());
+        } else {
+            throw new SAXException("?");
+        }
+
+        InputStream csv = parseDataElement(dir, elem);
+        if (!result.readCSV(csv)) {
+            throw new IOException("Invalid csv data. " + id.getTextContent());
+        }
+        csv.close();
+
+        return result;
+    }
+
     private EC_Params parseKeylike(String dir, Element elem) throws SAXException, IOException {
         Node id = elem.getElementsByTagName("id").item(0);
         Node curve = elem.getElementsByTagName("curve").item(0);
diff --git a/src/cz/crcs/ectester/data/categories.xml b/src/cz/crcs/ectester/data/categories.xml
index 38ce683..082f92c 100644
--- a/src/cz/crcs/ectester/data/categories.xml
+++ b/src/cz/crcs/ectester/data/categories.xml
@@ -77,7 +77,7 @@
     <category>
         <name>wrong</name>
         <directory>wrong</directory>
-        <desc>Wrong field curves. These should definitely give an error when used. Since the "prime" used for the field is not prime, and the field polynomials are also not irreducible. Simply put these parameters don't specify a valid elliptic curve.</desc>
+        <desc>Wrong field curves and other wrong parameters. These should definitely give an error when used. Since the "prime" used for the field is not prime, and the field polynomials are also not irreducible. Simply put these parameters don't specify a valid elliptic curve.</desc>
     </category>
     <category>
         <name>test</name>
diff --git a/src/cz/crcs/ectester/data/cofactor/keys.xml b/src/cz/crcs/ectester/data/cofactor/keys.xml
index 8cf19a1..b4c0c90 100644
--- a/src/cz/crcs/ectester/data/cofactor/keys.xml
+++ b/src/cz/crcs/ectester/data/cofactor/keys.xml
@@ -3,9 +3,7 @@
 	<!ENTITY secg SYSTEM "cofactor/secg_keys.xml">
 	]>
 <keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="../schema.xsd"
-      category="cofactor"
-      desc="">
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
 
     <pubkey>
         <id>cofactor128p2/0</id>
diff --git a/src/cz/crcs/ectester/data/composite/keys.xml b/src/cz/crcs/ectester/data/composite/keys.xml
index 8a98135..da770d8 100644
--- a/src/cz/crcs/ectester/data/composite/keys.xml
+++ b/src/cz/crcs/ectester/data/composite/keys.xml
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="../schema.xsd"
-      category="composite"
-      desc="Points on the composite curves, very small point orders(3-5).">
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
     <pubkey>
         <id>composite128/1</id>
         <inline>0x746fa441b3a54d3c531bd59d119f400d,0x73aff68dbd96e1485cd2de0f6389cc70</inline>
diff --git a/src/cz/crcs/ectester/data/degenerate/keys.xml b/src/cz/crcs/ectester/data/degenerate/keys.xml
index cbeecce..b999ca0 100644
--- a/src/cz/crcs/ectester/data/degenerate/keys.xml
+++ b/src/cz/crcs/ectester/data/degenerate/keys.xml
@@ -4,9 +4,7 @@
         <!ENTITY brainpool SYSTEM "degenerate/brainpool.xml">
         ]>
 <keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="../schema.xsd"
-      category="degenerate"
-      desc="">
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
     <!--
     This is messy and what not, but Java XML api doesn't support
     the XInclude selector necessary to make this work nicely, so XInclude is out...
diff --git a/src/cz/crcs/ectester/data/invalid/keys.xml b/src/cz/crcs/ectester/data/invalid/keys.xml
index 9aea479..d630129 100644
--- a/src/cz/crcs/ectester/data/invalid/keys.xml
+++ b/src/cz/crcs/ectester/data/invalid/keys.xml
@@ -27,9 +27,7 @@
         <!ENTITY secp256r1 SYSTEM "invalid/secg/secp256r1.xml">
         ]>
 <keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="../schema.xsd"
-      category="invalid"
-      desc="">
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
     <!--
     This is messy and what not, but Java XML api doesn't support
     the XInclude selector necessary to make this work nicely, so XInclude is out...
diff --git a/src/cz/crcs/ectester/data/schema.xsd b/src/cz/crcs/ectester/data/schema.xsd
index 85e8107..631d2f2 100644
--- a/src/cz/crcs/ectester/data/schema.xsd
+++ b/src/cz/crcs/ectester/data/schema.xsd
@@ -51,8 +51,6 @@
                 <xs:element name="privkey" type="keyType" minOccurs="0" maxOccurs="unbounded"/>
                 <xs:element name="pubkey" type="keyType" minOccurs="0" maxOccurs="unbounded"/>
             </xs:choice>
-            <xs:attribute name="category" type="xs:string"/>
-            <xs:attribute name="desc" type="xs:string"/>
         </xs:complexType>
     </xs:element>
 
@@ -70,7 +68,7 @@
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:complexType name="resultType">
+    <xs:complexType name="kaResultType">
         <xs:all>
             <xs:element name="id" type="xs:string"/>
             <xs:element name="ka" type="kaType"/>
@@ -82,10 +80,33 @@
         </xs:all>
     </xs:complexType>
 
+    <xs:simpleType name="sigType">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="SHA1"/>
+            <xs:enumeration value="SHA224"/>
+            <xs:enumeration value="SHA256"/>
+            <xs:enumeration value="SHA384"/>
+            <xs:enumeration value="SHA512"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="sigResultType">
+        <xs:all>
+            <xs:element name="id" type="xs:string"/>
+            <xs:element name="sig" type="sigType"/>
+            <xs:element ref="data"/>
+            <xs:element name="curve" type="xs:string"/>
+            <xs:element name="signkey" type="xs:string"/>
+            <xs:element name="verifykey" type="xs:string"/>
+            <xs:element name="desc" type="xs:string" minOccurs="0"/>
+        </xs:all>
+    </xs:complexType>
+
     <xs:element name="results">
         <xs:complexType>
             <xs:sequence>
-                <xs:element name="result" type="resultType" minOccurs="0" maxOccurs="unbounded"/>
+                <xs:element name="kaResult" type="kaResultType" minOccurs="0" maxOccurs="unbounded"/>
+                <xs:element name="sigResult" type="sigResultType" minOccurs="0" maxOccurs="unbounded"/>
             </xs:sequence>
         </xs:complexType>
     </xs:element>
diff --git a/src/cz/crcs/ectester/data/test/keys.xml b/src/cz/crcs/ectester/data/test/keys.xml
index 5f86b5b..380aef1 100644
--- a/src/cz/crcs/ectester/data/test/keys.xml
+++ b/src/cz/crcs/ectester/data/test/keys.xml
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="../schema.xsd"
-      category="test"
-      desc="Test vectors">
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
     <keypair>
         <id>secp160r1-U</id>
         <file>secg/secp160r1-keyU.csv</file>
diff --git a/src/cz/crcs/ectester/data/test/results.xml b/src/cz/crcs/ectester/data/test/results.xml
index 1146500..64fa86a 100644
--- a/src/cz/crcs/ectester/data/test/results.xml
+++ b/src/cz/crcs/ectester/data/test/results.xml
@@ -1,174 +1,174 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <results xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="../schema.xsd">
-    <result>
+    <kaResult>
         <id>secp160r1-dh</id>
         <ka>DH</ka>
         <file>secg/secp160r1-dh-sha1.csv</file>
         <curve>secg/secp160r1</curve>
         <onekey>test/secp160r1-U</onekey>
         <otherkey>test/secp160r1-V</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>sect163k1-dh</id>
         <ka>DH</ka>
         <file>secg/sect163k1-dh-sha1.csv</file>
         <curve>secg/sect163k1</curve>
         <onekey>test/sect163k1-U</onekey>
         <otherkey>test/sect163k1-V</otherkey>
-    </result>
+    </kaResult>
 
-    <result>
+    <kaResult>
         <id>brainpoolP224r1-dh</id>
         <ka>DH</ka>
         <file>brainpool/brainpoolP224r1-dh-sha1.csv</file>
         <curve>brainpool/brainpoolP224r1</curve>
         <onekey>test/brainpoolP224r1-A</onekey>
         <otherkey>test/brainpoolP224r1-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>brainpoolP256r1-dh</id>
         <ka>DH</ka>
         <file>brainpool/brainpoolP256r1-dh-sha1.csv</file>
         <curve>brainpool/brainpoolP256r1</curve>
         <onekey>test/brainpoolP256r1-A</onekey>
         <otherkey>test/brainpoolP256r1-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>brainpoolP384r1-dh</id>
         <ka>DH</ka>
         <file>brainpool/brainpoolP384r1-dh-sha1.csv</file>
         <curve>brainpool/brainpoolP384r1</curve>
         <onekey>test/brainpoolP384r1-A</onekey>
         <otherkey>test/brainpoolP384r1-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>brainpoolP512r1-dh</id>
         <ka>DH</ka>
         <file>brainpool/brainpoolP512r1-dh-sha1.csv</file>
         <curve>brainpool/brainpoolP512r1</curve>
         <onekey>test/brainpoolP512r1-A</onekey>
         <otherkey>test/brainpoolP512r1-B</otherkey>
-    </result>
+    </kaResult>
 
-    <result>
+    <kaResult>
         <id>b163-dhc</id>
         <ka>DHC</ka>
         <file>nist/b163-dhc-sha1.csv</file>
         <curve>nist/B-163</curve>
         <onekey>test/b163-A</onekey>
         <otherkey>test/b163-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>b233-dhc</id>
         <ka>DHC</ka>
         <file>nist/b233-dhc-sha1.csv</file>
         <curve>nist/B-233</curve>
         <onekey>test/b233-A</onekey>
         <otherkey>test/b233-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>b283-dhc</id>
         <ka>DHC</ka>
         <file>nist/b283-dhc-sha1.csv</file>
         <curve>nist/B-283</curve>
         <onekey>test/b283-A</onekey>
         <otherkey>test/b283-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>b409-dhc</id>
         <ka>DHC</ka>
         <file>nist/b409-dhc-sha1.csv</file>
         <curve>nist/B-409</curve>
         <onekey>test/b409-A</onekey>
         <otherkey>test/b409-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>b571-dhc</id>
         <ka>DHC</ka>
         <file>nist/b571-dhc-sha1.csv</file>
         <curve>nist/B-571</curve>
         <onekey>test/b571-A</onekey>
         <otherkey>test/b571-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>k163-dhc</id>
         <ka>DHC</ka>
         <file>nist/k163-dhc-sha1.csv</file>
         <curve>nist/B-163</curve>
         <onekey>test/k163-A</onekey>
         <otherkey>test/k163-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>k233-dhc</id>
         <ka>DHC</ka>
         <file>nist/k233-dhc-sha1.csv</file>
         <curve>nist/B-233</curve>
         <onekey>test/k233-A</onekey>
         <otherkey>test/k233-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>k283-dhc</id>
         <ka>DHC</ka>
         <file>nist/k283-dhc-sha1.csv</file>
         <curve>nist/B-283</curve>
         <onekey>test/k283-A</onekey>
         <otherkey>test/k283-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>k409-dhc</id>
         <ka>DHC</ka>
         <file>nist/k409-dhc-sha1.csv</file>
         <curve>nist/B-409</curve>
         <onekey>test/k409-A</onekey>
         <otherkey>test/k409-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>k571-dhc</id>
         <ka>DHC</ka>
         <file>nist/k571-dhc-sha1.csv</file>
         <curve>nist/B-571</curve>
         <onekey>test/k571-A</onekey>
         <otherkey>test/k571-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>p192-dhc</id>
         <ka>ANY</ka>
         <file>nist/p192-dhc-sha1.csv</file>
         <curve>nist/P-192</curve>
         <onekey>test/p192-A</onekey>
         <otherkey>test/p192-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>p224-dhc</id>
         <ka>ANY</ka>
         <file>nist/p224-dhc-sha1.csv</file>
         <curve>nist/P-224</curve>
         <onekey>test/p224-A</onekey>
         <otherkey>test/p224-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>p256-dhc</id>
         <ka>ANY</ka>
         <file>nist/p256-dhc-sha1.csv</file>
         <curve>nist/P-256</curve>
         <onekey>test/p256-A</onekey>
         <otherkey>test/p256-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>p384-dhc</id>
         <ka>ANY</ka>
         <file>nist/p384-dhc-sha1.csv</file>
         <curve>nist/P-384</curve>
         <onekey>test/p384-A</onekey>
         <otherkey>test/p384-B</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>p521-dhc</id>
         <ka>ANY</ka>
         <file>nist/p521-dhc-sha1.csv</file>
         <curve>nist/P-521</curve>
         <onekey>test/p521-A</onekey>
         <otherkey>test/p521-B</otherkey>
-    </result>
+    </kaResult>
 </results>
\ No newline at end of file
diff --git a/src/cz/crcs/ectester/data/twist/keys.xml b/src/cz/crcs/ectester/data/twist/keys.xml
index 1acbc31..df208bf 100644
--- a/src/cz/crcs/ectester/data/twist/keys.xml
+++ b/src/cz/crcs/ectester/data/twist/keys.xml
@@ -23,9 +23,7 @@
         <!ENTITY secp521r1 SYSTEM "twist/secg/secp521r1.xml">
         ]>
 <keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="../schema.xsd"
-      category="twist"
-      desc="">
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
     &k163;
     &k233;
     &k283;
diff --git a/src/cz/crcs/ectester/data/wrong/keys.xml b/src/cz/crcs/ectester/data/wrong/keys.xml
new file mode 100644
index 0000000..a122bc1
--- /dev/null
+++ b/src/cz/crcs/ectester/data/wrong/keys.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
+    <pubkey>
+        <id>default_pub</id>
+        <inline>0x116d77bea845d4bd0204cb8b954c957431c23a7111a0eda94d41a3c774260e37,0x9589952dcc2034be9cb36411c59e8978fc40a7ebce5dc296d8c693a25b637969</inline>
+        <curve>secg/secp256r1</curve>
+        <desc>A random public key for default_priv.</desc>
+    </pubkey>
+    <privkey>
+        <id>default_priv</id>
+        <inline>0x92d375aebbc233bc9b60124ff7adf963917ab77bfc254418900f7ba51c85cc09</inline>
+        <curve>secg/secp256r1</curve>
+        <desc>A random private key for default_pub.</desc>
+    </privkey>
+</keys>
\ No newline at end of file
diff --git a/src/cz/crcs/ectester/data/wrong/results.xml b/src/cz/crcs/ectester/data/wrong/results.xml
new file mode 100644
index 0000000..a1ac470
--- /dev/null
+++ b/src/cz/crcs/ectester/data/wrong/results.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<results xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="../schema.xsd">
+    <sigResult>
+        <id>random</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220e641671e6415629dc8398e35ae1362cb647f293a92553b1594d57fff58df302c02206baafface035e3758eea0dd9ef734976c70b6dd06f4d81d33f5e28bfb8730624</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>r0</id>
+        <sig>SHA1</sig>
+        <inline>0x3044022000000000000000000000000000000000000000000000000000000000000000000220d0837b07fe63d225733391e6808a081fd8aeb1359511feba7ca4f266727f968e</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>s0</id>
+        <sig>SHA1</sig>
+        <inline>0x304402206bea66d439da6b0b4a0e45b51e76d53336f27f7aa8e35f2008b77a8e021eff0a02200000000000000000000000000000000000000000000000000000000000000000</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>r1</id>
+        <sig>SHA1</sig>
+        <inline>0x3044022000000000000000000000000000000000000000000000000000000000000000010220e660f19ddc20a30adda6ca175577b492e238ef8734b904a31045d453825974d4</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>s1</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220d30ab3301d7132edbead77c0d622bbb7be8626c9ac5ee6c536281e6c18e79ab002200000000000000000000000000000000000000000000000000000000000000001</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>r0s0</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220000000000000000000000000000000000000000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000000</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>r0s1</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220000000000000000000000000000000000000000000000000000000000000000002200000000000000000000000000000000000000000000000000000000000000001</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>r1s0</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220000000000000000000000000000000000000000000000000000000000000000102200000000000000000000000000000000000000000000000000000000000000000</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>r1s1</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220000000000000000000000000000000000000000000000000000000000000000102200000000000000000000000000000000000000000000000000000000000000001</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>sp</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220fc48281b60b73752f3e20c25e8a06b335122d5890db28d2969d3145fcd384e7b0220ffffffff00000001000000000000000000000000ffffffffffffffffffffffff</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>s2p</id>
+        <sig>SHA1</sig>
+        <inline>0x30450220feba982489753a51a69fd582673d2e62b6b07cc6374237c1424f1e469cb00a98022101fffffffe00000002000000000000000000000001fffffffffffffffffffffffe</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>long</id>
+        <sig>SHA1</sig>
+        <inline>0x30420220e641671e6415629dc8398e35ae1362cb647f293a92553b1594d57fff58df302c02206baafface035e3758eea0dd9ef734976c70b6dd06f4d81d33f5e28bfb8730624</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>short</id>
+        <sig>SHA1</sig>
+        <inline>0x30460220e641671e6415629dc8398e35ae1362cb647f293a92553b1594d57fff58df302c02206baafface035e3758eea0dd9ef734976c70b6dd06f4d81d33f5e28bfb8730624</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>long_r</id>
+        <sig>SHA1</sig>
+        <inline>0x3044021ee641671e6415629dc8398e35ae1362cb647f293a92553b1594d57fff58df302c02206baafface035e3758eea0dd9ef734976c70b6dd06f4d81d33f5e28bfb8730624</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>long_s</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220e641671e6415629dc8398e35ae1362cb647f293a92553b1594d57fff58df302c021e6baafface035e3758eea0dd9ef734976c70b6dd06f4d81d33f5e28bfb8730624</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>short_r</id>
+        <sig>SHA1</sig>
+        <inline>0x30440222e641671e6415629dc8398e35ae1362cb647f293a92553b1594d57fff58df302c02206baafface035e3758eea0dd9ef734976c70b6dd06f4d81d33f5e28bfb8730624</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+    <sigResult>
+        <id>short_s</id>
+        <sig>SHA1</sig>
+        <inline>0x30440220e641671e6415629dc8398e35ae1362cb647f293a92553b1594d57fff58df302c02226baafface035e3758eea0dd9ef734976c70b6dd06f4d81d33f5e28bfb8730624</inline>
+        <curve>secg/secp256r1</curve>
+        <signkey>wrong/default_priv</signkey>
+        <verifykey>wrong/default_pub</verifykey>
+    </sigResult>
+</results>
\ No newline at end of file
diff --git a/src/cz/crcs/ectester/data/wycheproof/keys.xml b/src/cz/crcs/ectester/data/wycheproof/keys.xml
index 46cd697..46359df 100644
--- a/src/cz/crcs/ectester/data/wycheproof/keys.xml
+++ b/src/cz/crcs/ectester/data/wycheproof/keys.xml
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <keys xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="../schema.xsd"
-      category="wycheproof"
-      desc="">
+      xsi:noNamespaceSchemaLocation="../schema.xsd">
     <privkey>
         <id>addsub/secp224r1/1s</id>
         <inline>0x0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c29b7</inline>
diff --git a/src/cz/crcs/ectester/data/wycheproof/results.xml b/src/cz/crcs/ectester/data/wycheproof/results.xml
index 5508f4c..094043c 100644
--- a/src/cz/crcs/ectester/data/wycheproof/results.xml
+++ b/src/cz/crcs/ectester/data/wycheproof/results.xml
@@ -1,71 +1,71 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <results xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="../schema.xsd">
-    <result>
+    <kaResult>
         <id>addsub/secp224r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x475fd96e0eb8cb8f100a5d7fe043a7a6851d1d611da2643a3c6ae708</inline>
         <curve>secg/secp224r1</curve>
         <onekey>wycheproof/addsub/secp224r1/1s</onekey>
         <otherkey>wycheproof/addsub/secp224r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp224r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x41ef931d669d1f57d8bb95a01a92321da74be8c6cbc3bbe0b2e73ebd</inline>
         <curve>secg/secp224r1</curve>
         <onekey>wycheproof/addsub/secp224r1/2s</onekey>
         <otherkey>wycheproof/addsub/secp224r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp224r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x11ff15126411299cbd49e2b7542e69e91ef132e2551a16ecfebb23a3</inline>
         <curve>secg/secp224r1</curve>
         <onekey>wycheproof/addsub/secp224r1/3s</onekey>
         <otherkey>wycheproof/addsub/secp224r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xf7407d61fdf581be4f564621d590ca9b7ba37f31396150f9922f1501da8c83ef</inline>
         <curve>secg/secp256r1</curve>
         <onekey>wycheproof/addsub/secp256r1/1s</onekey>
         <otherkey>wycheproof/addsub/secp256r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x82236fd272208693e0574555ca465c6cc512163486084fa57f5e1bd2e2ccc0b3</inline>
         <curve>secg/secp256r1</curve>
         <onekey>wycheproof/addsub/secp256r1/2s</onekey>
         <otherkey>wycheproof/addsub/secp256r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x06537149664dba1a9924654cb7f787ed224851b0df25ef53fcf54f8f26cd5f3f</inline>
         <curve>secg/secp256r1</curve>
         <onekey>wycheproof/addsub/secp256r1/3s</onekey>
         <otherkey>wycheproof/addsub/secp256r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256r1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xf2b38539bce995d443c7bfeeefadc9e42cc2c89c60bf4e86eac95d51987bd112</inline>
         <curve>secg/secp256r1</curve>
         <onekey>wycheproof/addsub/secp256r1/4s</onekey>
         <otherkey>wycheproof/addsub/secp256r1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256r1/5test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x027b013a6f166db655d69d643c127ef8ace175311e667dff2520f5b5c75b7659</inline>
         <curve>secg/secp256r1</curve>
         <onekey>wycheproof/addsub/secp256r1/5s</onekey>
         <otherkey>wycheproof/addsub/secp256r1/5w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp384r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x2ecf9dc47e8b07ae61ddbd1680ead02698e9e8469f78d5a28328e48d0c9d7a2ac787e50cba58cc44a32fb1235d2d7027
@@ -73,8 +73,8 @@
         <curve>secg/secp384r1</curve>
         <onekey>wycheproof/addsub/secp384r1/1s</onekey>
         <otherkey>wycheproof/addsub/secp384r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp384r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x06ee9f55079d3d3c18c683ba33e0d2521be97c4fbf7917bf3b6287d58ffcde2df88842e3f5530b39549ac20974b1b60e
@@ -82,8 +82,8 @@
         <curve>secg/secp384r1</curve>
         <onekey>wycheproof/addsub/secp384r1/2s</onekey>
         <otherkey>wycheproof/addsub/secp384r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp384r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x024c5281487216058270cd1cfe259e948310e4adc263a9edaa4da0bc3f5f8ce8ffc88ae41b2c050bf6dd9c8c66857237
@@ -91,8 +91,8 @@
         <curve>secg/secp384r1</curve>
         <onekey>wycheproof/addsub/secp384r1/3s</onekey>
         <otherkey>wycheproof/addsub/secp384r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp521r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -101,8 +101,8 @@
         <curve>secg/secp521r1</curve>
         <onekey>wycheproof/addsub/secp521r1/1s</onekey>
         <otherkey>wycheproof/addsub/secp521r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp521r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -111,8 +111,8 @@
         <curve>secg/secp521r1</curve>
         <onekey>wycheproof/addsub/secp521r1/2s</onekey>
         <otherkey>wycheproof/addsub/secp521r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp521r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -121,8 +121,8 @@
         <curve>secg/secp521r1</curve>
         <onekey>wycheproof/addsub/secp521r1/3s</onekey>
         <otherkey>wycheproof/addsub/secp521r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp521r1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -131,8 +131,8 @@
         <curve>secg/secp521r1</curve>
         <onekey>wycheproof/addsub/secp521r1/4s</onekey>
         <otherkey>wycheproof/addsub/secp521r1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp521r1/5test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -141,8 +141,8 @@
         <curve>secg/secp521r1</curve>
         <onekey>wycheproof/addsub/secp521r1/5s</onekey>
         <otherkey>wycheproof/addsub/secp521r1/5w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp521r1/6test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -151,160 +151,160 @@
         <curve>secg/secp521r1</curve>
         <onekey>wycheproof/addsub/secp521r1/6s</onekey>
         <otherkey>wycheproof/addsub/secp521r1/6w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256k1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x09c7337df6c2b35edf3a21382511cc5add1a71a84cbf8d3396a5be548d92fa67</inline>
         <curve>secg/secp256k1</curve>
         <onekey>wycheproof/addsub/secp256k1/1s</onekey>
         <otherkey>wycheproof/addsub/secp256k1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256k1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xd16caedd25793666f9e26f5331382106f54095b3d20d40c745b68ca76c0e6983</inline>
         <curve>secg/secp256k1</curve>
         <onekey>wycheproof/addsub/secp256k1/2s</onekey>
         <otherkey>wycheproof/addsub/secp256k1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256k1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xb8ae1e21d8b34ce4caffed7167a26868ec80a7d4a6a98b639d4d05cd226504de</inline>
         <curve>secg/secp256k1</curve>
         <onekey>wycheproof/addsub/secp256k1/3s</onekey>
         <otherkey>wycheproof/addsub/secp256k1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256k1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x02776315fe147a36a4b0987492b6503acdea60f926450e5eddb9f88fc82178d3</inline>
         <curve>secg/secp256k1</curve>
         <onekey>wycheproof/addsub/secp256k1/4s</onekey>
         <otherkey>wycheproof/addsub/secp256k1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256k1/5test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x3988c9c7050a28794934e5bd67629b556d97a4858d22812835f4a37dca351943</inline>
         <curve>secg/secp256k1</curve>
         <onekey>wycheproof/addsub/secp256k1/5s</onekey>
         <otherkey>wycheproof/addsub/secp256k1/5w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/secp256k1/6test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x4b52257d8b3ba387797fdf7a752f195ddc4f7d76263de61d0d52a5ec14a36cbf</inline>
         <curve>secg/secp256k1</curve>
         <onekey>wycheproof/addsub/secp256k1/6s</onekey>
         <otherkey>wycheproof/addsub/secp256k1/6w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP224r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x1be0d59d1f0f3a743ae19c5246099391098f71444223831e16cfa0c5</inline>
         <curve>brainpool/brainpoolP224r1</curve>
         <onekey>wycheproof/addsub/brainpoolP224r1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP224r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP224r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x7e00a9267243cea4ba7617860b6fcf404e0357d1202d8c85dc5e07d3</inline>
         <curve>brainpool/brainpoolP224r1</curve>
         <onekey>wycheproof/addsub/brainpoolP224r1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP224r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP224r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xaac6a805f4ce1b6dcc13ec4ed16a889dc4d708f7f6f1e23471338324</inline>
         <curve>brainpool/brainpoolP224r1</curve>
         <onekey>wycheproof/addsub/brainpoolP224r1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP224r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x1950b7ce510d4d8648e80c6385a42d005433fc5ca61e2022a1405fe18142c246</inline>
         <curve>brainpool/brainpoolP256r1</curve>
         <onekey>wycheproof/addsub/brainpoolP256r1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x5c05c4d877a0e2af5ffa004c122630bb87157cf346dbeb8ae13017162da208f4</inline>
         <curve>brainpool/brainpoolP256r1</curve>
         <onekey>wycheproof/addsub/brainpoolP256r1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x9639bbd4e22194ce3892a814c82eddbd21dde05cfac20e99396e3d6ef0841f7c</inline>
         <curve>brainpool/brainpoolP256r1</curve>
         <onekey>wycheproof/addsub/brainpoolP256r1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256r1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x341cbdf61f9dd620ba6873a74804afe30a06b0a113a6916a4104d2d4cc196aec</inline>
         <curve>brainpool/brainpoolP256r1</curve>
         <onekey>wycheproof/addsub/brainpoolP256r1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256r1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xc0038da858441f559a864dcd6c4558437f9ad091a67c3fda69a9e0cb6f446a8b47ae95edc2f4eade</inline>
         <curve>brainpool/brainpoolP320r1</curve>
         <onekey>wycheproof/addsub/brainpoolP320r1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x8258131a80bc9f2b8ba532ef1253ef39dce25e6deb85227c670273521c311dbb9bf1a56dd29107b3</inline>
         <curve>brainpool/brainpoolP320r1</curve>
         <onekey>wycheproof/addsub/brainpoolP320r1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xae752e75684a9adfc6198e6c1ce9249d26743104e8b0bd0417998c62982622ea2fdf6917413d547c</inline>
         <curve>brainpool/brainpoolP320r1</curve>
         <onekey>wycheproof/addsub/brainpoolP320r1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320r1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x37bfbb637fce27ee80b3af326546303e0bd8af01b72f591830a548609055bda489d9a4e6b5e3f43e</inline>
         <curve>brainpool/brainpoolP320r1</curve>
         <onekey>wycheproof/addsub/brainpoolP320r1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320r1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320r1/5test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x854ce9516e73c6cc8d0d6ce3cdf933541a719578712440f02a86829af1398fcab2bb0949c1d63106</inline>
         <curve>brainpool/brainpoolP320r1</curve>
         <onekey>wycheproof/addsub/brainpoolP320r1/5s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320r1/5w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320r1/6test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x7dfd07c1cfe70db4772cf9f6bb6b58a10bbc9509e5ce86651d5c395f3544f62d6d8f8109edba441a</inline>
         <curve>brainpool/brainpoolP320r1</curve>
         <onekey>wycheproof/addsub/brainpoolP320r1/6s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320r1/6w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x3729bcd215b41c658b832686c81362b3485d75b09478c6dde3b5e278564ef4162bdd6ff65afc6e8213bba9b6c54ba1eb
@@ -312,8 +312,8 @@
         <curve>brainpool/brainpoolP384r1</curve>
         <onekey>wycheproof/addsub/brainpoolP384r1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x12ba4622daf1f2f950aad6d54aaab821885a47a98573afea49bc1896041ee9501acef82810f3755ff284e16665bd0f62
@@ -321,8 +321,8 @@
         <curve>brainpool/brainpoolP384r1</curve>
         <onekey>wycheproof/addsub/brainpoolP384r1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x7fb5398519857f2c17cddd0a9d2c1660ac35b4723e4a049ba5c58c458b742dfa813a5c7175e1c0974b514bfaeb0039f8
@@ -330,8 +330,8 @@
         <curve>brainpool/brainpoolP384r1</curve>
         <onekey>wycheproof/addsub/brainpoolP384r1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384r1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x0f0a1d20ba6a7b2c48154b43870be4890979d9261950736de96c29f371233b1ef94a79c2ab698868f00cea7e912deb94
@@ -339,8 +339,8 @@
         <curve>brainpool/brainpoolP384r1</curve>
         <onekey>wycheproof/addsub/brainpoolP384r1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384r1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -349,8 +349,8 @@
         <curve>brainpool/brainpoolP512r1</curve>
         <onekey>wycheproof/addsub/brainpoolP512r1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -359,8 +359,8 @@
         <curve>brainpool/brainpoolP512r1</curve>
         <onekey>wycheproof/addsub/brainpoolP512r1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512r1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512r1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -369,8 +369,8 @@
         <curve>brainpool/brainpoolP512r1</curve>
         <onekey>wycheproof/addsub/brainpoolP512r1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512r1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512r1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -379,112 +379,112 @@
         <curve>brainpool/brainpoolP512r1</curve>
         <onekey>wycheproof/addsub/brainpoolP512r1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512r1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP224t1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x97ded4c2e06b5a13c9109be3fa42dc2ca93a306fdf9e85ac4bb02e22</inline>
         <curve>brainpool/brainpoolP224t1</curve>
         <onekey>wycheproof/addsub/brainpoolP224t1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP224t1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP224t1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x686798270c7e188e6ab3e28a10754f965d5d02f33d30d8faf38155f4</inline>
         <curve>brainpool/brainpoolP224t1</curve>
         <onekey>wycheproof/addsub/brainpoolP224t1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP224t1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP224t1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xd64f68debaf751d63da1883668822031c69e913cc53b969e5fbae845</inline>
         <curve>brainpool/brainpoolP224t1</curve>
         <onekey>wycheproof/addsub/brainpoolP224t1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP224t1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256t1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x4875ed4b2bc7e7a0cb89d93b359fa72ddaf0377ddeddd33f62ec2450cd80e7cd</inline>
         <curve>brainpool/brainpoolP256t1</curve>
         <onekey>wycheproof/addsub/brainpoolP256t1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256t1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256t1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x315637f94d6776cc3928c1ffbe3c7004aa70b787cc0687faee1da5f9324a36c4</inline>
         <curve>brainpool/brainpoolP256t1</curve>
         <onekey>wycheproof/addsub/brainpoolP256t1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256t1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256t1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x54d1009ab7d3cb9d4314ea7512f7bc4d916ecd47bc9e491ad4a6d65a40672554</inline>
         <curve>brainpool/brainpoolP256t1</curve>
         <onekey>wycheproof/addsub/brainpoolP256t1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256t1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP256t1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x892923527eb529de963e902641c01701a66cd999d1b665717d7b11cbb5a96f7c</inline>
         <curve>brainpool/brainpoolP256t1</curve>
         <onekey>wycheproof/addsub/brainpoolP256t1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP256t1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320t1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x147c9b3b4880f7f6d4eb96f891672cb0d09a6bef15574ab2a43f09ae7f8090cdfa81517e098dac1e</inline>
         <curve>brainpool/brainpoolP320t1</curve>
         <onekey>wycheproof/addsub/brainpoolP320t1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320t1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320t1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x47f4412278edc51ba0635853a82e033b164a68194d4c3e2492017432daaa8c35684c343f701f6b02</inline>
         <curve>brainpool/brainpoolP320t1</curve>
         <onekey>wycheproof/addsub/brainpoolP320t1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320t1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320t1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xa64c2b075abf446a9ba43f6ffcefda795835ab2e1c4d19bd9c9ede59cd9eaf9c831a520b1e0ce269</inline>
         <curve>brainpool/brainpoolP320t1</curve>
         <onekey>wycheproof/addsub/brainpoolP320t1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320t1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320t1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xb3b25821ac9b07c614f6fce7f9a1c2325d3cbd51cac82dadeb79037a23bce03b0352407ccd447af8</inline>
         <curve>brainpool/brainpoolP320t1</curve>
         <onekey>wycheproof/addsub/brainpoolP320t1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320t1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320t1/5test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x594aebd8010757d15f79631af0e481310359e0086e4e988ab5525a9303aaf800cd4ef123ceb68875</inline>
         <curve>brainpool/brainpoolP320t1</curve>
         <onekey>wycheproof/addsub/brainpoolP320t1/5s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320t1/5w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP320t1/6test</id>
         <ka>DH_PLAIN</ka>
         <inline>0xc7e67dc2f64d0e66841777a6f014340b8a63f42024c6cd5ac5e10cec3b02a2d050c2fd8f078a754f</inline>
         <curve>brainpool/brainpoolP320t1</curve>
         <onekey>wycheproof/addsub/brainpoolP320t1/6s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP320t1/6w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384t1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x22d772bd2104c3d24b8505b3e7d1f3f00ca2dacb493ca729170854ef2158407a0ffab006153d5cb7781e9cb57cda505f
@@ -492,8 +492,8 @@
         <curve>brainpool/brainpoolP384t1</curve>
         <onekey>wycheproof/addsub/brainpoolP384t1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384t1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384t1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x2b2c617f8c84713f8440e5e273341d69edf9e6ea2056af38ccfc6ee733a9c11e1f9aa63cb3615d2b3cebe69d8360a2bd
@@ -501,8 +501,8 @@
         <curve>brainpool/brainpoolP384t1</curve>
         <onekey>wycheproof/addsub/brainpoolP384t1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384t1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384t1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x28518f75e020e00095d47166f7825f1767b6425172decde390c9266764c8b631608dc323b8415c39c9d0b8a24cd337ac
@@ -510,8 +510,8 @@
         <curve>brainpool/brainpoolP384t1</curve>
         <onekey>wycheproof/addsub/brainpoolP384t1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384t1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP384t1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x4424a1b48eba0524e4aa82455e282b35cf0d13d8536fe6c410cd5050f3d4d1739254945a8f580d43ee0245b1df67de56
@@ -519,8 +519,8 @@
         <curve>brainpool/brainpoolP384t1</curve>
         <onekey>wycheproof/addsub/brainpoolP384t1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP384t1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512t1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -529,8 +529,8 @@
         <curve>brainpool/brainpoolP512t1</curve>
         <onekey>wycheproof/addsub/brainpoolP512t1/1s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512t1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512t1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -539,8 +539,8 @@
         <curve>brainpool/brainpoolP512t1</curve>
         <onekey>wycheproof/addsub/brainpoolP512t1/2s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512t1/2w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512t1/3test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -549,8 +549,8 @@
         <curve>brainpool/brainpoolP512t1</curve>
         <onekey>wycheproof/addsub/brainpoolP512t1/3s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512t1/3w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>addsub/brainpoolP512t1/4test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -559,8 +559,8 @@
         <curve>brainpool/brainpoolP512t1</curve>
         <onekey>wycheproof/addsub/brainpoolP512t1/4s</onekey>
         <otherkey>wycheproof/addsub/brainpoolP512t1/4w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>cve_2017_10176/secp521r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>
@@ -569,21 +569,21 @@
         <curve>secg/secp521r1</curve>
         <onekey>wycheproof/cve_2017_10176/secp521r1/1s</onekey>
         <otherkey>wycheproof/cve_2017_10176/secp521r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>cve_2017_8932/secp256r1/1test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3</inline>
         <curve>secg/secp256r1</curve>
         <onekey>wycheproof/cve_2017_8932/secp256r1/1s</onekey>
         <otherkey>wycheproof/cve_2017_8932/secp256r1/1w</otherkey>
-    </result>
-    <result>
+    </kaResult>
+    <kaResult>
         <id>cve_2017_8932/secp256r1/2test</id>
         <ka>DH_PLAIN</ka>
         <inline>0x831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991</inline>
         <curve>secg/secp256r1</curve>
         <onekey>wycheproof/cve_2017_8932/secp256r1/2s</onekey>
         <otherkey>wycheproof/cve_2017_8932/secp256r1/2w</otherkey>
-    </result>
+    </kaResult>
 </results>
\ No newline at end of file
diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java
index 7bdf0f1..6b187f5 100644
--- a/src/cz/crcs/ectester/reader/ECTesterReader.java
+++ b/src/cz/crcs/ectester/reader/ECTesterReader.java
@@ -275,7 +275,7 @@ public class ECTesterReader {
         actions.addOption(Option.builder("ln").longOpt("list-named").desc("Print the list of supported named curves and keys.").hasArg().argName("what").optionalArg(true).build());
         actions.addOption(Option.builder("e").longOpt("export").desc("Export the defaut curve parameters of the card(if any).").build());
         actions.addOption(Option.builder("g").longOpt("generate").desc("Generate <amount> of EC keys.").hasArg().argName("amount").optionalArg(true).build());
-        actions.addOption(Option.builder("t").longOpt("test").desc("Test ECC support. Optionally specify a test number to run only a part of a test suite. <test_suite>:\n- default:\n- compression:\n- invalid:\n- twist:\n- degenerate:\n- cofactor:\n- wrong:\n- composite:\n- test-vectors:\n- edge-cases:\n- miscellaneous:").hasArg().argName("test_suite[:from[:to]]").optionalArg(true).build());
+        actions.addOption(Option.builder("t").longOpt("test").desc("Test ECC support. Optionally specify a test number to run only a part of a test suite. <test_suite>:\n- default:\n- compression:\n- invalid:\n- twist:\n- degenerate:\n- cofactor:\n- wrong:\n- signature:\n- composite:\n- test-vectors:\n- edge-cases:\n- miscellaneous:").hasArg().argName("test_suite[:from[:to]]").optionalArg(true).build());
         actions.addOption(Option.builder("dh").longOpt("ecdh").desc("Do EC KeyAgreement (ECDH...), [count] times.").hasArg().argName("count").optionalArg(true).build());
         actions.addOption(Option.builder("dsa").longOpt("ecdsa").desc("Sign data with ECDSA, [count] times.").hasArg().argName("count").optionalArg(true).build());
         actions.addOption(Option.builder("ls").longOpt("list-suites").desc("List supported test suites.").build());
@@ -341,6 +341,7 @@ public class ECTesterReader {
                 new CardCompositeSuite(null, null, null),
                 new CardInvalidSuite(null, null, null),
                 new CardEdgeCasesSuite(null, null, null),
+                new CardSignatureSuite(null, null, null),
                 new CardTwistSuite(null, null, null),
                 new CardMiscSuite(null, null, null)};
         for (CardTestSuite suite : suites) {
@@ -475,6 +476,9 @@ public class ECTesterReader {
             case "miscellaneous":
                 suite = new CardMiscSuite(writer, cfg, cardManager);
                 break;
+            case "signature":
+                suite = new CardSignatureSuite(writer, cfg, cardManager);
+                break;
             default:
                 // These run are dangerous, prompt before them.
                 System.out.println("The test you selected (" + cfg.testSuite + ") is potentially dangerous.");
@@ -872,7 +876,7 @@ public class ECTesterReader {
                     testFrom = 0;
                     testTo = -1;
                 }
-                String[] tests = new String[]{"default", "composite", "compression", "invalid", "degenerate", "test-vectors", "wrong", "twist", "cofactor", "edge-cases", "miscellaneous"};
+                String[] tests = new String[]{"default", "composite", "compression", "invalid", "degenerate", "test-vectors", "wrong", "twist", "cofactor", "edge-cases", "miscellaneous", "signature"};
                 if (!Arrays.asList(tests).contains(testSuite)) {
                     System.err.println(Colors.error("Unknown test suite " + testSuite + ". Should be one of: " + Arrays.toString(tests)));
                     return false;
diff --git a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
index 39024b8..189adbe 100644
--- a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
@@ -15,7 +15,6 @@ import cz.crcs.ectester.reader.command.Command;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
 
 import static cz.crcs.ectester.common.test.Result.ExpectedValue;
 
@@ -48,29 +47,11 @@ public class CardCofactorSuite extends CardTestSuite {
             }
             Test ecdh = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH with public points on non-generator subgroup.", ecdhTests.toArray(new Test[0]));
 
-            Random r = new Random();
-            byte[] raw = new byte[128];
-            byte[] sig = new byte[40];
-            r.nextBytes(raw);
-            r.nextBytes(sig);
-
-            List<Test> ecdsaTests = new LinkedList<>();
-            for (EC_Key.Public pub : keys) {
-                Command setCommand = new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, pub.getParams(), pub.flatten());
-                Test setTest = CommandTest.expect(setCommand, ExpectedValue.ANY);
-                Command ecdsaCommand = new Command.ECDSA_verify(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.Signature_ALG_ECDSA_SHA, raw, sig);
-                Test ecdsaTest = CommandTest.expect(ecdsaCommand, ExpectedValue.FAILURE);
-                ecdsaTests.add(CompoundTest.all(ExpectedValue.SUCCESS, "Verify random ECDSA signature by " + pub.getId() + ".", setTest, ecdsaTest));
-            }
-            Test ecdsa = CompoundTest.all(ExpectedValue.SUCCESS, "Verify random ECDSA signature by public points on non-generator subgroup.", ecdsaTests.toArray(new Test[0]));
-
-            Test tests = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH and ECDSA tests.", ecdh, ecdsa);
-
             if (cfg.cleanup) {
                 Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS);
-                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, tests, cleanup));
+                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, ecdh, cleanup));
             } else {
-                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, tests));
+                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, ecdh));
             }
         }
     }
diff --git a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java
index 59a427f..7945057 100644
--- a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java
@@ -53,28 +53,11 @@ public class CardInvalidSuite extends CardTestSuite {
             }
             Test ecdh = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH with invalid public points", ecdhTests.toArray(new Test[0]));
 
-            Random r = new Random();
-            byte[] raw = new byte[128];
-            byte[] sig = new byte[40];
-            r.nextBytes(raw);
-            r.nextBytes(sig);
-
-            List<Test> ecdsaTests = new LinkedList<>();
-            for (EC_Key.Public pub : keys) {
-                Command setCommand = new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, pub.getParams(), pub.flatten());
-                Test setTest = CommandTest.expect(setCommand, Result.ExpectedValue.ANY);
-                Command ecdsaCommand = new Command.ECDSA_verify(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.Signature_ALG_ECDSA_SHA, raw, sig);
-                Test ecdsaTest = CommandTest.expect(ecdsaCommand, Result.ExpectedValue.FAILURE);
-                ecdsaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by " + pub.getId(), setTest, ecdsaTest));
-            }
-            Test ecdsa = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by invalid public points", ecdsaTests.toArray(new Test[0]));
-
-            Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Test ECDH and ECDSA with points on invalid curves.", ecdh, ecdsa);
             if (cfg.cleanup) {
                 Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS);
-                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, tests, cleanup));
+                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, ecdh, cleanup));
             } else {
-                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, tests));
+                doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, ecdh));
             }
         }
     }
diff --git a/src/cz/crcs/ectester/reader/test/CardSignatureSuite.java b/src/cz/crcs/ectester/reader/test/CardSignatureSuite.java
new file mode 100644
index 0000000..23b6bce
--- /dev/null
+++ b/src/cz/crcs/ectester/reader/test/CardSignatureSuite.java
@@ -0,0 +1,45 @@
+package cz.crcs.ectester.reader.test;
+
+import cz.crcs.ectester.applet.ECTesterApplet;
+import cz.crcs.ectester.applet.EC_Consts;
+import cz.crcs.ectester.common.ec.EC_Curve;
+import cz.crcs.ectester.common.ec.EC_Key;
+import cz.crcs.ectester.common.ec.EC_SigResult;
+import cz.crcs.ectester.common.output.TestWriter;
+import cz.crcs.ectester.common.test.CompoundTest;
+import cz.crcs.ectester.common.test.Result;
+import cz.crcs.ectester.common.test.Test;
+import cz.crcs.ectester.data.EC_Store;
+import cz.crcs.ectester.reader.CardMngr;
+import cz.crcs.ectester.reader.ECTesterReader;
+import cz.crcs.ectester.reader.command.Command;
+
+import java.util.Map;
+
+/**
+ * @author Jan Jancar johny@neuromancer.sk
+ */
+public class CardSignatureSuite extends CardTestSuite {
+    public CardSignatureSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) {
+        super(writer, cfg, cardManager, "signature", "Test verifying various wrong ECDSA values.");
+    }
+
+    @Override
+    protected void runTests() throws Exception {
+        Map<String, EC_SigResult> results = EC_Store.getInstance().getObjects(EC_SigResult.class, "wrong");
+        for (Map.Entry<String, EC_SigResult> result : results.entrySet()) {
+            EC_SigResult sig = result.getValue();
+
+            EC_Key.Public pubkey = EC_Store.getInstance().getObject(EC_Key.Public.class, sig.getVerifyKey());
+            byte[] data = new byte[128];
+
+            EC_Curve curve = EC_Store.getInstance().getObject(EC_Curve.class, sig.getCurve());
+            Test allocate = CommandTest.expect(new Command.Allocate(this.card, ECTesterApplet.KEYPAIR_LOCAL, curve.getBits(), curve.getField()), Result.ExpectedValue.SUCCESS);
+            Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), Result.ExpectedValue.SUCCESS);
+            Test setVerifyKey = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, pubkey.getParams(), pubkey.flatten()), Result.ExpectedValue.SUCCESS);
+            Test ecdsaVerify = CommandTest.expect(new Command.ECDSA_verify(this.card, ECTesterApplet.KEYPAIR_LOCAL, sig.getJavaCardSig(), data, sig.getData(0)), Result.ExpectedValue.FAILURE);
+
+            doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "ECDSA test of " + result.getKey() + ".", allocate, set, setVerifyKey, ecdsaVerify));
+        }
+    }
+}
diff --git a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
index 1e1f5f3..d86b411 100644
--- a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
@@ -47,23 +47,7 @@ public class CardTwistSuite extends CardTestSuite {
             }
             Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with public points on twist", ecdhTests.toArray(new Test[0]));
 
-            Random r = new Random();
-            byte[] raw = new byte[128];
-            byte[] sig = new byte[40];
-            r.nextBytes(raw);
-            r.nextBytes(sig);
-
-            List<Test> ecdsaTests = new LinkedList<>();
-            for (EC_Key.Public pub : keys) {
-                Command setCommand = new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, pub.getParams(), pub.flatten());
-                Test setTest = CommandTest.expect(setCommand, Result.ExpectedValue.ANY);
-                Command ecdsaCommand = new Command.ECDSA_verify(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.Signature_ALG_ECDSA_SHA, raw, sig);
-                Test ecdsaTest = CommandTest.expect(ecdsaCommand, Result.ExpectedValue.FAILURE);
-                ecdsaTests.add(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by " + pub.getId(), setTest, ecdsaTest));
-            }
-            Test ecdsa = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by public points on twist", ecdsaTests.toArray(new Test[0]));
-
-            Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, ecdh, ecdsa);
+            Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", ecdh);
             if (cfg.cleanup) {
                 Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS);
                 doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests, cleanup));
diff --git a/src/cz/crcs/ectester/reader/test/CommandTest.java b/src/cz/crcs/ectester/reader/test/CommandTest.java
index d57dc17..cdd1cbf 100644
--- a/src/cz/crcs/ectester/reader/test/CommandTest.java
+++ b/src/cz/crcs/ectester/reader/test/CommandTest.java
@@ -6,6 +6,8 @@ import cz.crcs.ectester.common.test.TestCallback;
 import cz.crcs.ectester.reader.command.Command;
 import cz.crcs.ectester.reader.response.Response;
 
+import java.util.Arrays;
+
 /**
  * A simple test that runs one Command to get and evaluate one Response
  * to get a Result and compare it with the expected one.
@@ -47,6 +49,23 @@ public class CommandTest extends SimpleTest<CommandTestable> {
         return expect(command, expectedValue, null, null);
     }
 
+    public static CommandTest expectSW(CommandTestable command, short... expectedSWS) {
+        return new CommandTest(command,  new TestCallback<CommandTestable>() {
+            @Override
+            public Result apply(CommandTestable commandTestable) {
+                if (Arrays.equals(commandTestable.getResponse().getSWs(), expectedSWS)) {
+                    return new Result(Result.Value.SUCCESS);
+                } else {
+                    return new Result(Result.Value.FAILURE);
+                }
+            }
+        });
+    }
+
+    public static CommandTest expectSW(Command command, short... expectedSWS) {
+        return expectSW(new CommandTestable(command), expectedSWS);
+    }
+
     public Command getCommand() {
         return testable.getCommand();
     }
-- 
cgit v1.2.3-70-g09d2


From fb19b67c5f707af80cba280efa0ae0fa20d7fc8f Mon Sep 17 00:00:00 2001
From: J08nY
Date: Sun, 12 Aug 2018 14:04:53 +0200
Subject: Reformat reader package.

---
 src/cz/crcs/ectester/reader/ECTesterReader.java           | 1 -
 src/cz/crcs/ectester/reader/output/FileTestWriter.java    | 2 +-
 src/cz/crcs/ectester/reader/output/YAMLTestWriter.java    | 5 ++++-
 src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java | 2 +-
 src/cz/crcs/ectester/reader/test/CardTwistSuite.java      | 2 +-
 src/cz/crcs/ectester/reader/test/CommandTest.java         | 2 +-
 src/cz/crcs/ectester/reader/test/PerformanceTest.java     | 1 -
 7 files changed, 8 insertions(+), 7 deletions(-)

(limited to 'src/cz/crcs/ectester/reader/ECTesterReader.java')

diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java
index 6b187f5..475d701 100644
--- a/src/cz/crcs/ectester/reader/ECTesterReader.java
+++ b/src/cz/crcs/ectester/reader/ECTesterReader.java
@@ -26,7 +26,6 @@ import cz.crcs.ectester.applet.ECTesterApplet;
 import cz.crcs.ectester.applet.EC_Consts;
 import cz.crcs.ectester.common.cli.CLITools;
 import cz.crcs.ectester.common.cli.Colors;
-import cz.crcs.ectester.common.ec.EC_Params;
 import cz.crcs.ectester.common.output.OutputLogger;
 import cz.crcs.ectester.common.output.TestWriter;
 import cz.crcs.ectester.common.util.ByteUtil;
diff --git a/src/cz/crcs/ectester/reader/output/FileTestWriter.java b/src/cz/crcs/ectester/reader/output/FileTestWriter.java
index e4ef9b8..69e5f41 100644
--- a/src/cz/crcs/ectester/reader/output/FileTestWriter.java
+++ b/src/cz/crcs/ectester/reader/output/FileTestWriter.java
@@ -26,7 +26,7 @@ public class FileTestWriter extends TeeTestWriter {
             String fName = files[i];
             String format = null;
             if (PREFIX.matcher(fName).matches()) {
-                String[] split = fName.split(":",2);
+                String[] split = fName.split(":", 2);
                 format = split[0];
                 fName = split[1];
             }
diff --git a/src/cz/crcs/ectester/reader/output/YAMLTestWriter.java b/src/cz/crcs/ectester/reader/output/YAMLTestWriter.java
index 080fa8b..7c99a4a 100644
--- a/src/cz/crcs/ectester/reader/output/YAMLTestWriter.java
+++ b/src/cz/crcs/ectester/reader/output/YAMLTestWriter.java
@@ -13,7 +13,10 @@ import cz.crcs.ectester.reader.test.CommandTestable;
 
 import javax.smartcardio.CardException;
 import java.io.PrintStream;
-import java.util.*;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 
 /**
  * @author Jan Jancar johny@neuromancer.sk
diff --git a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java
index 048634b..479f6cc 100644
--- a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java
@@ -45,7 +45,7 @@ public class CardDegenerateSuite extends CardTestSuite {
             List<Test> ecdhTests = new LinkedList<>();
             for (EC_Key.Public pub : keys) {
                 Test setPub = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, pub.getParams(), pub.flatten()), Result.ExpectedValue.FAILURE);
-                Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE,EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE);
+                Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE);
                 Test objectEcdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, CardUtil.getKATypeString(EC_Consts.KeyAgreement_ALG_EC_SVDP_DH) + " test with degenerate pubkey.", setPub, ecdh);
                 Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
                 Test rawEcdh = CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on degenerate curve.", "Card incorrectly accepted point on degenerate curve.");
diff --git a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
index dd99047..908d295 100644
--- a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
@@ -43,7 +43,7 @@ public class CardTwistSuite extends CardTestSuite {
             List<Test> ecdhTests = new LinkedList<>();
             for (EC_Key.Public pub : keys) {
                 Test setPub = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, pub.getParams(), pub.flatten()), Result.ExpectedValue.FAILURE);
-                Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE,EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE);
+                Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.FAILURE);
                 Test objectEcdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, CardUtil.getKATypeString(EC_Consts.KeyAgreement_ALG_EC_SVDP_DH) + " test with degenerate pubkey.", setPub, ecdh);
                 Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, pub.flatten());
                 Test rawEcdh = CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on twist.", "Card incorrectly accepted point on twist.");
diff --git a/src/cz/crcs/ectester/reader/test/CommandTest.java b/src/cz/crcs/ectester/reader/test/CommandTest.java
index cdd1cbf..adad191 100644
--- a/src/cz/crcs/ectester/reader/test/CommandTest.java
+++ b/src/cz/crcs/ectester/reader/test/CommandTest.java
@@ -50,7 +50,7 @@ public class CommandTest extends SimpleTest<CommandTestable> {
     }
 
     public static CommandTest expectSW(CommandTestable command, short... expectedSWS) {
-        return new CommandTest(command,  new TestCallback<CommandTestable>() {
+        return new CommandTest(command, new TestCallback<CommandTestable>() {
             @Override
             public Result apply(CommandTestable commandTestable) {
                 if (Arrays.equals(commandTestable.getResponse().getSWs(), expectedSWS)) {
diff --git a/src/cz/crcs/ectester/reader/test/PerformanceTest.java b/src/cz/crcs/ectester/reader/test/PerformanceTest.java
index 9abaadc..f9a4472 100644
--- a/src/cz/crcs/ectester/reader/test/PerformanceTest.java
+++ b/src/cz/crcs/ectester/reader/test/PerformanceTest.java
@@ -3,7 +3,6 @@ package cz.crcs.ectester.reader.test;
 import cz.crcs.ectester.common.test.Result;
 import cz.crcs.ectester.common.test.SimpleTest;
 import cz.crcs.ectester.common.test.TestCallback;
-import cz.crcs.ectester.common.test.TestException;
 import cz.crcs.ectester.reader.command.Command;
 import cz.crcs.ectester.reader.response.Response;
 
-- 
cgit v1.2.3-70-g09d2


From c8a14bb85176b76ef817fea0002c0607f0f03d57 Mon Sep 17 00:00:00 2001
From: J08nY
Date: Tue, 14 Aug 2018 18:46:41 +0200
Subject: Allow exporting set curve parameters to verify them.

---
 src/cz/crcs/ectester/data/cofactor/curves.xml          |  8 +++++++-
 src/cz/crcs/ectester/reader/ECTesterReader.java        | 18 ++++++++----------
 .../crcs/ectester/reader/test/CardCofactorSuite.java   |  2 +-
 .../crcs/ectester/reader/test/CardCompositeSuite.java  |  2 +-
 .../ectester/reader/test/CardCompressionSuite.java     |  2 +-
 src/cz/crcs/ectester/reader/test/CardDefaultSuite.java |  2 +-
 .../crcs/ectester/reader/test/CardDegenerateSuite.java |  2 +-
 .../crcs/ectester/reader/test/CardEdgeCasesSuite.java  |  7 ++++++-
 src/cz/crcs/ectester/reader/test/CardInvalidSuite.java |  2 +-
 src/cz/crcs/ectester/reader/test/CardMiscSuite.java    |  2 +-
 .../crcs/ectester/reader/test/CardSignatureSuite.java  |  8 +++++++-
 .../crcs/ectester/reader/test/CardTestVectorSuite.java |  2 +-
 src/cz/crcs/ectester/reader/test/CardTwistSuite.java   |  2 +-
 13 files changed, 37 insertions(+), 22 deletions(-)

(limited to 'src/cz/crcs/ectester/reader/ECTesterReader.java')

diff --git a/src/cz/crcs/ectester/data/cofactor/curves.xml b/src/cz/crcs/ectester/data/cofactor/curves.xml
index bb8a905..7cf2a9a 100644
--- a/src/cz/crcs/ectester/data/cofactor/curves.xml
+++ b/src/cz/crcs/ectester/data/cofactor/curves.xml
@@ -81,7 +81,13 @@
         <field>prime</field>
         <file>cofactor160p64.csv</file>
     </curve>
-    
+
+    <curve>
+        <id>cofactor192p2</id>
+        <bits>192</bits>
+        <field>prime</field>
+        <file>cofactor192p2.csv</file>
+    </curve>
     
     <curve>
         <id>cofactor163t2</id>
diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java
index 475d701..5c50bf2 100644
--- a/src/cz/crcs/ectester/reader/ECTesterReader.java
+++ b/src/cz/crcs/ectester/reader/ECTesterReader.java
@@ -281,11 +281,7 @@ public class ECTesterReader {
 
         opts.addOptionGroup(actions);
 
-        OptionGroup size = new OptionGroup();
-        size.addOption(Option.builder("b").longOpt("bit-size").desc("Set curve size.").hasArg().argName("bits").build());
-        size.addOption(Option.builder("a").longOpt("all").desc("Test all curve sizes.").build());
-        opts.addOptionGroup(size);
-
+        opts.addOption(Option.builder("b").longOpt("bit-size").desc("Set curve size.").hasArg().argName("bits").build());
         opts.addOption(Option.builder("fp").longOpt("prime-field").desc("Use a prime field.").build());
         opts.addOption(Option.builder("f2m").longOpt("binary-field").desc("Use a binary field.").build());
 
@@ -362,9 +358,15 @@ public class ECTesterReader {
 
         List<Response> sent = new LinkedList<>();
         sent.add(new Command.Allocate(cardManager, ECTesterApplet.KEYPAIR_LOCAL, cfg.bits, keyClass).send());
-        sent.add(new Command.Clear(cardManager, ECTesterApplet.KEYPAIR_LOCAL).send());
+        //sent.add(new Command.Clear(cardManager, ECTesterApplet.KEYPAIR_LOCAL).send());
         sent.add(new Command.Generate(cardManager, ECTesterApplet.KEYPAIR_LOCAL).send());
 
+        // Also support exporting set parameters, to verify they are set correctly.
+        Command curve = Command.prepareCurve(cardManager, EC_Store.getInstance(), cfg, ECTesterApplet.KEYPAIR_LOCAL, cfg.bits, keyClass);
+        if (curve != null) {
+            sent.add(curve.send());
+        }
+
         // Cofactor generally isn't set on the default curve parameters on cards,
         // since its not necessary for ECDH, only ECDHC which not many cards implement
         // TODO: check if its assumend to be == 1?
@@ -806,10 +808,6 @@ public class ECTesterReader {
                     System.err.println(Colors.error("Keys should not be specified when exporting curve params."));
                     return false;
                 }
-                if (namedCurve != null || customCurve || curveFile != null) {
-                    System.err.println(Colors.error("Specifying a curve for curve export makes no sense."));
-                    return false;
-                }
                 if (outputs == null) {
                     System.err.println(Colors.error("You have to specify an output file for curve parameter export."));
                     return false;
diff --git a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
index acac7c1..710b704 100644
--- a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java
@@ -54,7 +54,7 @@ public class CardCofactorSuite extends CardTestSuite {
             Test ecdh = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH with public points on non-generator subgroup.", ecdhTests.toArray(new Test[0]));
 
             if (cfg.cleanup) {
-                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS);
+                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.ANY);
                 doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, ecdh, cleanup));
             } else {
                 doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, ecdh));
diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
index f688a52..336b371 100644
--- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
@@ -109,7 +109,7 @@ public class CardCompositeSuite extends CardTestSuite {
             Test perform = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH and ECDSA.", ecdh, ecdsa);
 
             if (cfg.cleanup) {
-                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS);
+                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.ANY);
                 doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, perform, cleanup));
             } else {
                 doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, perform));
diff --git a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java
index 5e8f600..ae25bf1 100644
--- a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java
@@ -113,7 +113,7 @@ public class CardCompressionSuite extends CardTestSuite {
             }
             compressionTests.addAll(kaTests);
             if (cfg.cleanup) {
-                compressionTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS));
+                compressionTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY));
             }
 
             doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Compression test of " + spec + ".", compressionTests.toArray(new Test[0])));
diff --git a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java
index fa9bfd0..e495b00 100644
--- a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java
@@ -131,7 +131,7 @@ public class CardDefaultSuite extends CardTestSuite {
             ExpectedValue[] testExpects = {ExpectedValue.SUCCESS, ExpectedValue.ANY, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS};
             List<ExpectedValue> expects = Stream.of(testExpects).collect(Collectors.toList());
             if (cfg.cleanup) {
-                supportTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS));
+                supportTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY));
                 expects.add(ExpectedValue.ANY);
             }
 
diff --git a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java
index 514e249..c926a4d 100644
--- a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java
@@ -53,7 +53,7 @@ public class CardDegenerateSuite extends CardTestSuite {
             }
             Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with degenerate public points", ecdhTests.toArray(new Test[0]));
             if (cfg.cleanup) {
-                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS);
+                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY);
                 doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId(), prepare, ecdh, cleanup));
             } else {
                 doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId(), prepare, ecdh));
diff --git a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java
index f0dcaa0..5775a77 100644
--- a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java
@@ -170,7 +170,12 @@ public class CardEdgeCasesSuite extends CardTestSuite {
             EC_Params krp1Params = makeParams(krp1);
             Test krp1S = ecdhTest(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, krp1Params.getParams(), krp1Params.flatten()), "ECDH with S = (k * r) + 1.", Result.ExpectedValue.FAILURE, Result.ExpectedValue.FAILURE);
 
-            doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", setup, zeroS, oneS, smallerS, exactS, largerS, rm1S, rp1S, krS, krm1S, krp1S));
+            if (cfg.cleanup) {
+                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY);
+                doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", setup, zeroS, oneS, smallerS, exactS, largerS, rm1S, rp1S, krS, krm1S, krp1S, cleanup));
+            } else {
+                doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Tests with edge-case private key values over " + curve.getId() + ".", setup, zeroS, oneS, smallerS, exactS, largerS, rm1S, rp1S, krS, krm1S, krp1S));
+            }
         }
     }
 
diff --git a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java
index 2d07d99..17c5d4b 100644
--- a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java
@@ -58,7 +58,7 @@ public class CardInvalidSuite extends CardTestSuite {
             Test ecdh = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH with invalid public points", ecdhTests.toArray(new Test[0]));
 
             if (cfg.cleanup) {
-                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS);
+                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.ANY);
                 doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, ecdh, cleanup));
             } else {
                 doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, ecdh));
diff --git a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java
index e568f67..8623e36 100644
--- a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java
@@ -50,7 +50,7 @@ public class CardMiscSuite extends CardTestSuite {
             Test perform = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH and ECDSA", ka, sig);
 
             if (cfg.cleanup) {
-                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS);
+                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY);
                 doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + " " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, perform, cleanup));
             } else {
                 doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + " " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, perform));
diff --git a/src/cz/crcs/ectester/reader/test/CardSignatureSuite.java b/src/cz/crcs/ectester/reader/test/CardSignatureSuite.java
index d8f335f..59def74 100644
--- a/src/cz/crcs/ectester/reader/test/CardSignatureSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardSignatureSuite.java
@@ -57,6 +57,12 @@ public class CardSignatureSuite extends CardTestSuite {
         Test setVerifyKey = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, pubkey.getParams(), pubkey.flatten()), Result.ExpectedValue.SUCCESS);
         Test ecdsaVerify = CommandTest.expect(new Command.ECDSA_verify(this.card, ECTesterApplet.KEYPAIR_LOCAL, sig.getJavaCardSig(), data, sig.getData(0)), expected);
 
-        doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "ECDSA test of " + sig.getId() + ".", allocate, set, setVerifyKey, ecdsaVerify));
+        if (cfg.cleanup) {
+            Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY);
+            doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "ECDSA test of " + sig.getId() + ".", allocate, set, setVerifyKey, ecdsaVerify, cleanup));
+        } else {
+            doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "ECDSA test of " + sig.getId() + ".", allocate, set, setVerifyKey, ecdsaVerify));
+        }
+
     }
 }
diff --git a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java
index 052e480..fbdf103 100644
--- a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java
@@ -73,7 +73,7 @@ public class CardTestVectorSuite extends CardTestSuite {
                 }
             }));
             if (cfg.cleanup) {
-                testVector.add(CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS));
+                testVector.add(CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.ANY));
             }
             doTest(CompoundTest.greedyAll(ExpectedValue.SUCCESS, "Test vector " + result.getId(), testVector.toArray(new Test[0])));
         }
diff --git a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
index 0901240..6ad4ce6 100644
--- a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java
@@ -53,7 +53,7 @@ public class CardTwistSuite extends CardTestSuite {
 
             Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Do tests.", ecdh);
             if (cfg.cleanup) {
-                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS);
+                Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.ANY);
                 doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests, cleanup));
             } else {
                 doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests));
-- 
cgit v1.2.3-70-g09d2