From 50244cd3ff01ad997b5900883ffbc95dbba1154f Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 4 Jul 2018 17:00:05 +0200 Subject: Add supersingular curves, do some tests over supersingular and Barreto-Naehrig curves. --- .../ectester/reader/test/CardCompositeSuite.java | 98 ++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 src/cz/crcs/ectester/reader/test/CardCompositeSuite.java (limited to 'src/cz/crcs/ectester/reader/test/CardCompositeSuite.java') diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java new file mode 100644 index 0000000..0d4d2e0 --- /dev/null +++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java @@ -0,0 +1,98 @@ +package cz.crcs.ectester.reader.test; + +import cz.crcs.ectester.applet.ECTesterApplet; +import cz.crcs.ectester.applet.EC_Consts; +import cz.crcs.ectester.common.ec.EC_Curve; +import cz.crcs.ectester.common.ec.EC_Key; +import cz.crcs.ectester.common.output.TestWriter; +import cz.crcs.ectester.common.test.CompoundTest; +import cz.crcs.ectester.common.test.Test; +import cz.crcs.ectester.common.util.CardUtil; +import cz.crcs.ectester.data.EC_Store; +import cz.crcs.ectester.reader.CardMngr; +import cz.crcs.ectester.reader.ECTesterReader; +import cz.crcs.ectester.reader.command.Command; + +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +import static cz.crcs.ectester.common.test.Result.ExpectedValue; + +/** + * @author Jan Jancar johny@neuromancer.sk + */ +public class CardCompositeSuite extends CardTestSuite { + + public CardCompositeSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) { + super(writer, cfg, cardManager, "composite", "The composite suite runs ECDH over curves with composite order. This should generally fail, as using such a curve is unsafe."); + } + + @Override + protected void runTests() throws Exception { + /* Do the default run with the public keys set to provided smallorder keys + * over composite order curves. Essentially small subgroup attacks. + * These should fail, the curves aren't safe so that if the computation with + * a small order public key succeeds the private key modulo the public key order + * is revealed. + */ + Map keys = EC_Store.getInstance().getObjects(EC_Key.class, "composite"); + List>> mappedKeys = EC_Store.mapKeyToCurve(keys.values()); + for (Map.Entry> curveKeys : mappedKeys) { + EC_Curve curve = curveKeys.getKey(); + List tests = new LinkedList<>(); + Test allocate = runTest(CommandTest.expect(new Command.Allocate(this.card, ECTesterApplet.KEYPAIR_LOCAL, curve.getBits(), curve.getField()), ExpectedValue.SUCCESS)); + if (!allocate.ok()) { + doTest(CompoundTest.all(ExpectedValue.SUCCESS, "No support for " + curve.getBits() + "b " + CardUtil.getKeyTypeString(curve.getField()) + ".", allocate)); + continue; + } + tests.add(allocate); + for (EC_Key key : curveKeys.getValue()) { + Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.ANY); + Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_LOCAL), ExpectedValue.ANY); + Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, key.flatten()); + Test ecdh = CommandTest.expect(ecdhCommand, ExpectedValue.FAILURE, "Card correctly rejected to do ECDH over a composite order curve.", "Card incorrectly does ECDH over a composite order curve, leaks bits of private key."); + + tests.add(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ", " + key.getDesc(), set, generate, ecdh)); + } + doTest(CompoundTest.all(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ".", tests.toArray(new Test[0]))); + new Command.Cleanup(this.card).send(); + } + + /* Also test having a G of small order, so small R. + */ + Map results = EC_Store.getInstance().getObjects(EC_Curve.class, "composite"); + List>> groupList = EC_Store.mapToPrefix(results.values()); + List smallRCurves = groupList.stream().filter((e) -> e.getKey().equals("small")).findFirst().get().getValue(); + testGroup(smallRCurves, "Small generator order", ExpectedValue.FAILURE, "Card correctly rejected to do ECDH over a small order generator.", "Card incorrectly does ECDH over a small order generator."); + + /* Also test having a G of large but composite order, R = p * q, + */ + List pqCurves = groupList.stream().filter((e) -> e.getKey().equals("pq")).findFirst().get().getValue(); + testGroup(pqCurves, null, ExpectedValue.ANY, "", ""); + + /* Also test rg0 curves. + */ + List rg0Curves = groupList.stream().filter((e) -> e.getKey().equals("rg0")).findFirst().get().getValue(); + testGroup(rg0Curves, null, ExpectedValue.ANY, "", ""); + } + + private void testGroup(List curves, String testName, ExpectedValue dhValue, String ok, String nok) throws Exception { + for (EC_Curve curve : curves) { + Test allocate = CommandTest.expect(new Command.Allocate(this.card, ECTesterApplet.KEYPAIR_BOTH, curve.getBits(), curve.getField()), ExpectedValue.SUCCESS); + Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.ANY); + Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_BOTH), ExpectedValue.ANY); + Test ecdh = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), dhValue, ok, nok); + + String description; + if (testName == null) { + description = curve.getDesc() + " test of " + curve.getId() + "."; + } else { + description = testName + " test of " + curve.getId() + "."; + } + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, ecdh)); + new Command.Cleanup(this.card).send(); + } + + } +} -- cgit v1.2.3-70-g09d2 From 8b932a878959d53fc449f22de406a9adc6d9edf0 Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 4 Jul 2018 19:02:21 +0200 Subject: Also do composite tests with both keypairs generated on card. --- src/cz/crcs/ectester/reader/test/CardCompositeSuite.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'src/cz/crcs/ectester/reader/test/CardCompositeSuite.java') diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java index 0d4d2e0..a693ac7 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java @@ -59,10 +59,16 @@ public class CardCompositeSuite extends CardTestSuite { new Command.Cleanup(this.card).send(); } - /* Also test having a G of small order, so small R. - */ + Map results = EC_Store.getInstance().getObjects(EC_Curve.class, "composite"); List>> groupList = EC_Store.mapToPrefix(results.values()); + /* Test the whole curves with both keypairs generated on card(no small-order public points provided). + */ + List wholeCurves = groupList.stream().filter((e) -> e.getKey().equals("whole")).findFirst().get().getValue(); + testGroup(wholeCurves, "Composite generator order", ExpectedValue.FAILURE, "Card rejected to do ECDH with composite order generator.", "Card did not reject to do ECDH with composite order generator."); + + /* Also test having a G of small order, so small R. + */ List smallRCurves = groupList.stream().filter((e) -> e.getKey().equals("small")).findFirst().get().getValue(); testGroup(smallRCurves, "Small generator order", ExpectedValue.FAILURE, "Card correctly rejected to do ECDH over a small order generator.", "Card incorrectly does ECDH over a small order generator."); -- cgit v1.2.3-70-g09d2 From 1bfa90811a0b4ea02d98ea7dedcfc07bec89d19c Mon Sep 17 00:00:00 2001 From: J08nY Date: Thu, 5 Jul 2018 19:30:16 +0200 Subject: Add ability to skip tests/run only a part of a test suite. --- .../ectester/common/output/BaseTextTestWriter.java | 19 ++++++----- .../ectester/common/output/BaseXMLTestWriter.java | 4 +-- .../ectester/common/output/BaseYAMLTestWriter.java | 4 +-- .../crcs/ectester/common/output/TeeTestWriter.java | 8 ++--- src/cz/crcs/ectester/common/output/TestWriter.java | 9 +++--- src/cz/crcs/ectester/common/test/TestSuite.java | 22 +++++++++++-- src/cz/crcs/ectester/reader/CardMngr.java | 1 - src/cz/crcs/ectester/reader/ECTesterReader.java | 37 +++++++++++++++++++--- .../ectester/reader/test/CardCofactorSuite.java | 4 +-- .../ectester/reader/test/CardCompositeSuite.java | 5 +-- .../ectester/reader/test/CardCompressionSuite.java | 2 +- .../ectester/reader/test/CardDefaultSuite.java | 4 +-- .../ectester/reader/test/CardDegenerateSuite.java | 4 +-- .../ectester/reader/test/CardInvalidSuite.java | 4 +-- .../crcs/ectester/reader/test/CardMiscSuite.java | 4 +-- .../ectester/reader/test/CardTestVectorSuite.java | 2 +- .../crcs/ectester/reader/test/CardTwistSuite.java | 4 +-- .../crcs/ectester/reader/test/CardWrongSuite.java | 1 - 18 files changed, 91 insertions(+), 47 deletions(-) (limited to 'src/cz/crcs/ectester/reader/test/CardCompositeSuite.java') diff --git a/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java b/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java index c3ce640..eef767b 100644 --- a/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java +++ b/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java @@ -38,20 +38,18 @@ public abstract class BaseTextTestWriter implements TestWriter { } /** - * * @param t * @return */ protected abstract String testableString(Testable t); /** - * * @param suite * @return */ protected abstract String deviceString(TestSuite suite); - private String testString(Test t, String prefix) { + private String testString(Test t, String prefix, int index) { boolean compound = t instanceof CompoundTest; Result result = t.getResult(); @@ -61,7 +59,8 @@ public abstract class BaseTextTestWriter implements TestWriter { out.append(compound ? "┳ " : "━ "); int width = BASE_WIDTH - (prefix.length() + out.length()); String widthSpec = "%-" + String.valueOf(width) + "s"; - out.append(String.format(widthSpec, t.getDescription())); + String desc = ((prefix.equals("")) ? "(" + index + ") " : "") + t.getDescription(); + out.append(String.format(widthSpec, desc)); out.append(" ┃ "); Colors.Foreground valueColor; if (result.getValue().ok()) { @@ -82,10 +81,10 @@ public abstract class BaseTextTestWriter implements TestWriter { for (int i = 0; i < tests.length; ++i) { if (i == tests.length - 1) { out.append(prefix).append(" ┗ "); - out.append(testString(tests[i], prefix + " ")); + out.append(testString(tests[i], prefix + " ", index)); } else { out.append(prefix).append(" ┣ "); - out.append(testString(tests[i], prefix + " ┃ ")); + out.append(testString(tests[i], prefix + " ┃ ", index)); } if (i != tests.length - 1) { @@ -100,10 +99,10 @@ public abstract class BaseTextTestWriter implements TestWriter { } @Override - public void outputTest(Test t) { + public void outputTest(Test t, int index) { if (!t.hasRun()) return; - output.println(testString(t, "")); + output.println(testString(t, "", index)); output.flush(); } @@ -122,8 +121,8 @@ public abstract class BaseTextTestWriter implements TestWriter { } @Override - public void outputError(Test t, Throwable cause) { - output.println(testString(t, "")); + public void outputError(Test t, Throwable cause, int index) { + output.println(testString(t, "", index)); output.print(errorString(cause)); output.flush(); } diff --git a/src/cz/crcs/ectester/common/output/BaseXMLTestWriter.java b/src/cz/crcs/ectester/common/output/BaseXMLTestWriter.java index 4e0c236..b666e08 100644 --- a/src/cz/crcs/ectester/common/output/BaseXMLTestWriter.java +++ b/src/cz/crcs/ectester/common/output/BaseXMLTestWriter.java @@ -112,14 +112,14 @@ public abstract class BaseXMLTestWriter implements TestWriter { } @Override - public void outputTest(Test t) { + public void outputTest(Test t, int index) { if (!t.hasRun()) return; tests.appendChild(testElement(t)); } @Override - public void outputError(Test t, Throwable cause) { + public void outputError(Test t, Throwable cause, int index) { tests.appendChild(testElement(t)); } diff --git a/src/cz/crcs/ectester/common/output/BaseYAMLTestWriter.java b/src/cz/crcs/ectester/common/output/BaseYAMLTestWriter.java index cab2632..e3c7952 100644 --- a/src/cz/crcs/ectester/common/output/BaseYAMLTestWriter.java +++ b/src/cz/crcs/ectester/common/output/BaseYAMLTestWriter.java @@ -89,14 +89,14 @@ public abstract class BaseYAMLTestWriter implements TestWriter { } @Override - public void outputTest(Test t) { + public void outputTest(Test t, int index) { if (!t.hasRun()) return; tests.add(testObject(t)); } @Override - public void outputError(Test t, Throwable cause) { + public void outputError(Test t, Throwable cause, int index) { tests.add(testObject(t)); } diff --git a/src/cz/crcs/ectester/common/output/TeeTestWriter.java b/src/cz/crcs/ectester/common/output/TeeTestWriter.java index 35912fa..58a0a15 100644 --- a/src/cz/crcs/ectester/common/output/TeeTestWriter.java +++ b/src/cz/crcs/ectester/common/output/TeeTestWriter.java @@ -21,16 +21,16 @@ public class TeeTestWriter implements TestWriter { } @Override - public void outputTest(Test t) { + public void outputTest(Test t, int index) { for (TestWriter writer : writers) { - writer.outputTest(t); + writer.outputTest(t, index); } } @Override - public void outputError(Test t, Throwable cause) { + public void outputError(Test t, Throwable cause, int index) { for (TestWriter writer : writers) { - writer.outputError(t, cause); + writer.outputError(t, cause, index); } } diff --git a/src/cz/crcs/ectester/common/output/TestWriter.java b/src/cz/crcs/ectester/common/output/TestWriter.java index 7de23a5..eb95804 100644 --- a/src/cz/crcs/ectester/common/output/TestWriter.java +++ b/src/cz/crcs/ectester/common/output/TestWriter.java @@ -21,15 +21,16 @@ public interface TestWriter { /** * * @param t + * @param index */ - void outputTest(Test t); + void outputTest(Test t, int index); /** - * - * @param t + * @param t * @param cause + * @param index */ - void outputError(Test t, Throwable cause); + void outputError(Test t, Throwable cause, int index); /** * diff --git a/src/cz/crcs/ectester/common/test/TestSuite.java b/src/cz/crcs/ectester/common/test/TestSuite.java index 5f26f52..b12680a 100644 --- a/src/cz/crcs/ectester/common/test/TestSuite.java +++ b/src/cz/crcs/ectester/common/test/TestSuite.java @@ -10,6 +10,9 @@ public abstract class TestSuite { protected String[] description; private TestWriter writer; private Test running; + private int ran = 0; + private int runFrom = 0; + private int runTo = -1; public TestSuite(TestWriter writer, String name, String... description) { this.writer = writer; @@ -21,11 +24,21 @@ public abstract class TestSuite { * Run the TestSuite. */ public void run() { + run(0); + } + + public void run(int from) { + run(from, -1); + } + + public void run(int from, int to) { + this.runFrom = from; + this.runTo = to; writer.begin(this); try { runTests(); } catch (TestException e) { - writer.outputError(running, e); + writer.outputError(running, e, ran); } catch (Exception e) { writer.end(); throw new TestSuiteException(e); @@ -55,8 +68,11 @@ public abstract class TestSuite { * @throws TestException */ protected T doTest(T t) { - runTest(t); - writer.outputTest(t); + if (ran >= runFrom && (runTo < 0 || ran <= runTo)) { + runTest(t); + writer.outputTest(t, ran); + } + ran++; return t; } diff --git a/src/cz/crcs/ectester/reader/CardMngr.java b/src/cz/crcs/ectester/reader/CardMngr.java index 637be56..921a9c8 100644 --- a/src/cz/crcs/ectester/reader/CardMngr.java +++ b/src/cz/crcs/ectester/reader/CardMngr.java @@ -1,6 +1,5 @@ package cz.crcs.ectester.reader; -import com.licel.jcardsim.io.CAD; import com.licel.jcardsim.io.JavaxSmartCardInterface; import cz.crcs.ectester.common.util.ByteUtil; import javacard.framework.AID; diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java index 89cfca1..2b78cb0 100644 --- a/src/cz/crcs/ectester/reader/ECTesterReader.java +++ b/src/cz/crcs/ectester/reader/ECTesterReader.java @@ -272,8 +272,8 @@ public class ECTesterReader { actions.addOption(Option.builder("h").longOpt("help").desc("Print help.").build()); actions.addOption(Option.builder("ln").longOpt("list-named").desc("Print the list of supported named curves and keys.").hasArg().argName("what").optionalArg(true).build()); actions.addOption(Option.builder("e").longOpt("export").desc("Export the defaut curve parameters of the card(if any).").build()); - actions.addOption(Option.builder("g").longOpt("generate").desc("Generate [amount] of EC keys.").hasArg().argName("amount").optionalArg(true).build()); - actions.addOption(Option.builder("t").longOpt("test").desc("Test ECC support. [test_suite]:\n- default:\n- compression:\n- invalid:\n- twist:\n- degenerate:\n- cofactor:\n- wrong:\n- composite:\n- test-vectors:\n- edge-cases:\n- miscellaneous:").hasArg().argName("test_suite").optionalArg(true).build()); + actions.addOption(Option.builder("g").longOpt("generate").desc("Generate of EC keys.").hasArg().argName("amount").optionalArg(true).build()); + actions.addOption(Option.builder("t").longOpt("test").desc("Test ECC support. Optionally specify a test number to run only a part of a test suite. :\n- default:\n- compression:\n- invalid:\n- twist:\n- degenerate:\n- cofactor:\n- wrong:\n- composite:\n- test-vectors:\n- edge-cases:\n- miscellaneous:").hasArg().argName("test_suite[:from[:to]]").optionalArg(true).build()); actions.addOption(Option.builder("dh").longOpt("ecdh").desc("Do EC KeyAgreement (ECDH...), [count] times.").hasArg().argName("count").optionalArg(true).build()); actions.addOption(Option.builder("dsa").longOpt("ecdsa").desc("Sign data with ECDSA, [count] times.").hasArg().argName("count").optionalArg(true).build()); actions.addOption(Option.builder("ls").longOpt("list-suites").desc("List supported test suites.").build()); @@ -503,7 +503,7 @@ public class ECTesterReader { break; } - suite.run(); + suite.run(cfg.testFrom, cfg.testTo); } /** @@ -702,6 +702,8 @@ public class ECTesterReader { //Action-related options public String listNamed; public String testSuite; + public int testFrom; + public int testTo; public int generateAmount; public int ECKACount; public byte ECKAType = KeyAgreement_ALG_EC_SVDP_DH; @@ -827,7 +829,34 @@ public class ECTesterReader { primeField = true; } - testSuite = cli.getOptionValue("test", "default").toLowerCase(); + String suiteOpt = cli.getOptionValue("test", "default").toLowerCase(); + if (suiteOpt.contains(":")) { + String[] parts = suiteOpt.split(":"); + testSuite = parts[0]; + try { + testFrom = Integer.parseInt(parts[1]); + } catch (NumberFormatException nfe) { + System.err.println("Invalid test from number: " + parts[1] + "."); + return false; + } + if (parts.length == 3) { + try { + testTo = Integer.parseInt(parts[2]); + } catch (NumberFormatException nfe) { + System.err.println("Invalid test to number: " + parts[2] + "."); + return false; + } + } else if (parts.length != 2) { + System.err.println("Invalid test suite selection."); + return false; + } else { + testTo = -1; + } + } else { + testSuite = suiteOpt; + testFrom = 0; + testTo = -1; + } String[] tests = new String[]{"default", "composite", "compression", "invalid", "degenerate", "test-vectors", "wrong", "twist", "cofactor", "edge-cases", "miscellaneous"}; if (!Arrays.asList(tests).contains(testSuite)) { System.err.println(Colors.error("Unknown test suite " + testSuite + ". Should be one of: " + Arrays.toString(tests))); diff --git a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java index 2ecf4a2..762dc88 100644 --- a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java @@ -65,9 +65,9 @@ public class CardCofactorSuite extends CardTestSuite { Test ecdsa = CompoundTest.all(ExpectedValue.SUCCESS, "Verify random ECDSA signature by public points on non-generator subgroup.", ecdsaTests.toArray(new Test[0])); Test tests = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH and ECDSA tests.", ecdh, ecdsa); + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); - doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, tests)); - new Command.Cleanup(this.card).send(); + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, tests, cleanup)); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java index a693ac7..b80a0e3 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java @@ -96,8 +96,9 @@ public class CardCompositeSuite extends CardTestSuite { } else { description = testName + " test of " + curve.getId() + "."; } - doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, ecdh)); - new Command.Cleanup(this.card).send(); + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); + + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, ecdh, cleanup)); } } diff --git a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java index 35cfd1d..19c452c 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java @@ -112,9 +112,9 @@ public class CardCompressionSuite extends CardTestSuite { } } compressionTests.addAll(kaTests); + compressionTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS)); doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Compression test of " + spec + ".", compressionTests.toArray(new Test[0]))); - new Command.Cleanup(this.card).send(); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java index 4480962..554003b 100644 --- a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java @@ -126,10 +126,10 @@ public class CardDefaultSuite extends CardTestSuite { } Test signTest = runTest(CompoundTest.any(ExpectedValue.SUCCESS, "Signature tests.", signTests.toArray(new Test[0]))); supportTests.add(signTest); + supportTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS)); - ExpectedValue[] testExpects = {ExpectedValue.SUCCESS, ExpectedValue.ANY, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS}; + ExpectedValue[] testExpects = {ExpectedValue.SUCCESS, ExpectedValue.ANY, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.ANY}; doTest(CompoundTest.mask(testExpects, "Tests of " + keyLength + "b " + CardUtil.getKeyTypeString(field) + " support.", supportTests.toArray(new Test[0]))); - new Command.Cleanup(this.card).send(); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java index 7483b2b..c3cf51c 100644 --- a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java @@ -47,9 +47,9 @@ public class CardDegenerateSuite extends CardTestSuite { ecdhTests.add(CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on degenerate curve.", "Card incorrectly accepted point on degenerate curve.")); } Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with degenerate public points", ecdhTests.toArray(new Test[0])); + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId(), prepare, ecdh)); - new Command.Cleanup(this.card).send(); + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId(), prepare, ecdh, cleanup)); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java index 2543027..60afe75 100644 --- a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java @@ -67,9 +67,9 @@ public class CardInvalidSuite extends CardTestSuite { Test ecdsa = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by invalid public points", ecdsaTests.toArray(new Test[0])); Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Test ECDH and ECDSA with points on invalid curves.", ecdh, ecdsa); + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); - doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, tests)); - new Command.Cleanup(this.card).send(); + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, tests, cleanup)); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java index d969cf9..5dcf727 100644 --- a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java @@ -46,9 +46,9 @@ public class CardMiscSuite extends CardTestSuite { Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_BOTH), Result.ExpectedValue.SUCCESS); Test ka = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), Result.ExpectedValue.SUCCESS); Test sig = CommandTest.expect(new Command.ECDSA(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.Signature_ALG_ECDSA_SHA, ECTesterApplet.EXPORT_FALSE, null), Result.ExpectedValue.SUCCESS); + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); - doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + " " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, ka, sig)); - new Command.Cleanup(this.card).send(); + doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + " " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, ka, sig, cleanup)); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java index 9d39525..9a39a72 100644 --- a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java @@ -69,8 +69,8 @@ public class CardTestVectorSuite extends CardTestSuite { return new Result(Value.SUCCESS); } })); + testVector.add(CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS)); doTest(CompoundTest.greedyAll(ExpectedValue.SUCCESS, "Test vector " + result.getId(), testVector.toArray(new Test[0]))); - new Command.Cleanup(this.card).send(); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java index 46da415..e7ea436 100644 --- a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java @@ -61,9 +61,9 @@ public class CardTwistSuite extends CardTestSuite { Test ecdsa = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by public points on twist", ecdsaTests.toArray(new Test[0])); Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, ecdh, ecdsa); + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests)); - new Command.Cleanup(this.card).send(); + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests, cleanup)); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardWrongSuite.java b/src/cz/crcs/ectester/reader/test/CardWrongSuite.java index 6c0d5f5..2057093 100644 --- a/src/cz/crcs/ectester/reader/test/CardWrongSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardWrongSuite.java @@ -129,7 +129,6 @@ public class CardWrongSuite extends CardTestSuite { Test wrongR = CompoundTest.all(ExpectedValue.SUCCESS, "Tests with corrupted R parameter.", primeWrongR, nonprimeWrongR); - doTest(CompoundTest.all(ExpectedValue.SUCCESS, "Tests of " + keyLength + "b " + CardUtil.getKeyTypeString(KeyPair.ALG_EC_FP), setup, wrongPrime, resetSetup, wrongG, resetSetup.clone(), wrongR, resetSetup.clone())); } -- cgit v1.2.3-70-g09d2 From b65fbd884350212cee449fb208636eb3ee76cd49 Mon Sep 17 00:00:00 2001 From: J08nY Date: Thu, 12 Jul 2018 19:45:23 +0200 Subject: Add tests for curve order being a Carmichael pseudoprime. --- docs/IMPLEMENTATIONS.md | 42 ++++++++++++++---- .../ectester/data/composite/carmichael_128.csv | 1 + .../ectester/data/composite/carmichael_192.csv | 1 + .../ectester/data/composite/carmichael_224.csv | 1 + .../ectester/data/composite/carmichael_256.csv | 1 + .../ectester/data/composite/carmichael_384.csv | 1 + .../ectester/data/composite/carmichael_512.csv | 1 + .../ectester/data/composite/carmichael_521.csv | 1 + src/cz/crcs/ectester/data/composite/curves.xml | 50 ++++++++++++++++++++++ .../ectester/reader/test/CardCompositeSuite.java | 5 +++ 10 files changed, 96 insertions(+), 8 deletions(-) create mode 100644 src/cz/crcs/ectester/data/composite/carmichael_128.csv create mode 100644 src/cz/crcs/ectester/data/composite/carmichael_192.csv create mode 100644 src/cz/crcs/ectester/data/composite/carmichael_224.csv create mode 100644 src/cz/crcs/ectester/data/composite/carmichael_256.csv create mode 100644 src/cz/crcs/ectester/data/composite/carmichael_384.csv create mode 100644 src/cz/crcs/ectester/data/composite/carmichael_512.csv create mode 100644 src/cz/crcs/ectester/data/composite/carmichael_521.csv (limited to 'src/cz/crcs/ectester/reader/test/CardCompositeSuite.java') diff --git a/docs/IMPLEMENTATIONS.md b/docs/IMPLEMENTATIONS.md index 23010c7..4a70b7d 100644 --- a/docs/IMPLEMENTATIONS.md +++ b/docs/IMPLEMENTATIONS.md @@ -119,7 +119,7 @@ negation: \(-[x, y] = [x, -y] \) - To Projective: \( [x, y] \rightarrow (x : y : 1) \) - To Jacobian: \( [x, y] \rightarrow (x : y : 1) \) - - To Chudnovsky: ? + - To Chudnovsky: \( [x, y] \rightarrow (x : y : 1 : 1 : 1) \) ### Projective \begin{align*} @@ -134,9 +134,11 @@ negation: \(-[x, y] = [x, -y] \) infinity is \((0 : 1 : 0)\). +negation: \( -(X : Y : Z) = (X : -Y : Z) \) + - To Affine: \( (X : Y : Z) \rightarrow [X/Z, Y/Z] \) - - To Jacobian: ? - - To Chudnovsky: ? + - To Jacobian: \( (X : Y : Z) \rightarrow (X/Z : Y/Z : 1) \) ? + - To Chudnovsky: \( (X : Y : Z) \rightarrow (X/Z : Y/Z : 1 : 1 : 1) \) ? ### Jacobian \begin{align*} @@ -151,8 +153,10 @@ infinity is \((0 : 1 : 0)\). infinity is \( (1 : 1 : 0) \). +negation: \( -(X : Y : Z) = (X : -Y : Z) \) + - To Affine: \( (X : Y : Z) \rightarrow [X/Z^2, Y/Z^3] \) - - To Projective: ? + - To Projective: \( (X : Y : Z) \rightarrow (X/Z^2 : Y/Z^3 : 1) \) ? - To Chudnovsky: \( (X : Y : Z) \rightarrow (X : Y : Z : Z^2 : Z^3) \) ### Chudnovsky @@ -163,8 +167,10 @@ infinity is \( (1 : 1 : 0) \). infinity is \( (1 : 1 : 0 : 0 : 0) \). ? +negation: \( -(X : Y : Z : Z^2 : Z^3) = (X : -Y : Z : Z^2 : Z^3) \) + - To Affine: \( (X : Y : Z : Z^2 : Z^3) \rightarrow [X/Z^2, Y/Z^3] \) - - To Projective: ? + - To Projective: \( (X : Y : Z : Z^2 : Z^3) \rightarrow (X/Z^2 : Y/Z^3 : 1) \) ? - To Jacobian: \( (X : Y : Z : Z^2 : Z^3) \rightarrow (X : Y : Z) \) @@ -241,6 +247,26 @@ Cost: \( C_{binexp}(k) = \lambda(k)C_2 + (\nu(k) - k_0)C_+\)[^7] Uses binary addition chain, but does all the additions/multiplications. +(right-to-left) + + INPUT: k = (k_{t-1}, ..., k_1, k_0)_2, P ∈ E(F_q). + OUTPUT: [k]P. + 1. Q ← ∞. + 2. For i from t - 1 downto 0 do + 2.1 If k_i = 1 then Q ← Q + P else Dummy ← Q + P. + 2.2 P ← 2P. + 3. Return(Q). + +(left-to-right) + + INPUT: k = (k_{t-1}, ..., k_1, k_0)_2, P ∈ E(F_q). + OUTPUT: [k]P. + 1. Q ← ∞. + 2. For i from t - 1 downto 0 do + 2.1 Q ← 2Q. + 2.2 If k_i = 1 then Q ← Q + P else Dummy ← Q + P. + 3. Return(Q). + Cost: \( C_{const\_binexp}(k) = \lambda(k) (C_2 + C_+) \) ? ### Binary NAF multiplication (signed binary exponentiation) @@ -285,7 +311,7 @@ Cost: \( C_{bin\_NAF} = l(k)C_2 + \sigma(k)C_+ + \text{NAF computation cost}\) ? INPUT: Window width w, positive integer k, P ∈ E(F_q). OUTPUT: [k]P. 1. Use Algorithm 3.30 to compute NAF(k). - 2. Compute P_i = [i]P for i ∈ {1, 3, . . ., 2(2^w - (-1)^w)/3 - 1}. //precomputation + 2. Compute P_i = [i]P for i ∈ {1, 3, . . ., 2(2^w - (-1)^w)/3 - 1}. //precomputation for fixed P 3. Q ← ∞, i ← l - 1. 4. While i ≥ 0 do 4.1 If k_i = 0 then: @@ -323,7 +349,7 @@ Cost: \( C_{bin\_NAF} = l(k)C_2 + \sigma(k)C_+ + \text{NAF computation cost}\) ? INPUT: Window width w, positive integer k, P ∈ E(F_q). OUTPUT: [k]P. 1. Use Algorithm 3.35 to compute NAF-w(k). - 2. Compute P_i = [i]P for i ∈ {1, 3, 5, . . ., 2^{w-1} - 1}. //precomputation + 2. Compute P_i = [i]P for i ∈ {1, 3, 5, . . ., 2^{w-1} - 1}. //precomputation for fixed P 3. Q ← ∞. 4. For i from l - 1 downto 0 do 4.1 Q ← 2Q. @@ -409,7 +435,7 @@ x_n &= X_n / Z_n; \qquad x_{n+1} = X_{n+1} / Z_{n+1} \\ y_n &= \frac{2a_6 +(x_1x_n + a_4) (x_1 + x_n) - (x_1 - x_n)^2x_{n+1}}{2y_1} \end{align*} -Lopez-Dahab addition formulas (Projective coordinates/XZ coordinates):[^2] +Lopez-Dahab addition formulas on \( E(\mathbb{F}_{2^m}) \)(Projective coordinates/XZ coordinates):[^2] - Addition (\( n \ne m \)): \begin{align*} diff --git a/src/cz/crcs/ectester/data/composite/carmichael_128.csv b/src/cz/crcs/ectester/data/composite/carmichael_128.csv new file mode 100644 index 0000000..400abca --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/carmichael_128.csv @@ -0,0 +1 @@ +0x8d4731c77d3462993d75627d4ea254ef,0x7374f7d098c61f64d0dcd328b537e22c,0x3658ca99638dc513932535134f48536b,0x7d5beaa13395695173e3371b7638347a,0x6f1c533a21abb60316bb9529528910c4,0x8d4731c77d346297e54306afea3730a1,0x01 diff --git a/src/cz/crcs/ectester/data/composite/carmichael_192.csv b/src/cz/crcs/ectester/data/composite/carmichael_192.csv new file mode 100644 index 0000000..7c21982 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/carmichael_192.csv @@ -0,0 +1 @@ +0x8b72c1f15aacdcc4c3d881b3e14fa5e07f614ffd25613c95,0x4de73fecdd02978832f2025306474f85af670aa44735bec4,0x55fa4ea6cbf5241ff5c3734bef8db6399fa45ffbf6450f45,0x0236516a5b59cd7871ed1403e820f07d1795483b5c1cc7c7,0x137236f344d2e6e51476662acc70a2247f81d4801b0b9fa4,0x8b72c1f15aacdcc4c3d881b2a6256f87e98d12e5385af0b9,0x01 diff --git a/src/cz/crcs/ectester/data/composite/carmichael_224.csv b/src/cz/crcs/ectester/data/composite/carmichael_224.csv new file mode 100644 index 0000000..d72a30c --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/carmichael_224.csv @@ -0,0 +1 @@ +0x929fe6161bc19ea029efb679c883576d18d69b5b3a3870eaf80d49a3,0x159ef3437e3d7297247f6ad693c1d80f069cb9eb98a0c679668e5ff9,0x6448a16b4ed54d4532e4145cb5fa9a0cd623232d350f706742aeac8c,0x816e1a2510e83da094374558ba2df28976404fcff6c18bfb5eb8cbf9,0x78f245d80d0e1e18e73272fef47911883ae1ab2af985f93f06dbc002,0x929fe6161bc19ea029efb679c881d967bd62678011c1949852a0b119,0x01 diff --git a/src/cz/crcs/ectester/data/composite/carmichael_256.csv b/src/cz/crcs/ectester/data/composite/carmichael_256.csv new file mode 100644 index 0000000..fea4281 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/carmichael_256.csv @@ -0,0 +1 @@ +0x974a679ba3168a019e1f069aac82c999e2612f1957052c56607e8002ef36be53,0x51f15e6797f0a4f0f049b1aedb340118e9584727c5668fe856ad8e2fa111f12d,0x4e7c9daa52715b65db00a3f85ec87bf6a8cc1c312845fc302fc724eb0067d82e,0x6737dcaa9b8198f73599b700e6b3bfda05731528b620f9080799fd6d491be926,0x0f71d01a2ac0f12fe6db25cc420578e9acb729d007580b139cb4897d6421517c,0x974a679ba3168a019e1f069aac82c9986c8ed1c88f1d90e54250abfb0a363941,0x01 diff --git a/src/cz/crcs/ectester/data/composite/carmichael_384.csv b/src/cz/crcs/ectester/data/composite/carmichael_384.csv new file mode 100644 index 0000000..3002514 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/carmichael_384.csv @@ -0,0 +1 @@ +0xa10402c0f3ab3f57b7ddf22e1b7054a8b2a292e3466496d060a5264d9fe29e2fc22347b3b6c21cdf7cba591fd00abd29,0x3dafe0a9c8fb6540cfb52253c08d63742c122062d031f96b0d901d27c9a91d9cefc6d5df27b9f56664860d02b98bc00c,0x3ae6993a790b7e73d67d1cd3a1376c08b9effb7a43211cd169d4e5871bdf096827d953a9f1a98ad11748b22dadf28f07,0x2f2843692b78f89332597df8bec5f5c55767af145ade2c4ad6a4e08fc772c5b7e2bab7d1cb054ebee4367739fe5d5e5c,0x6940f0d9cd2276b4c909e730cdb909a8742a2abee52fe157ca7401d1d825f57145a3cc20522910b28b90cffc38d64e9b,0xa10402c0f3ab3f57b7ddf22e1b7054a8b2a292e3466496d056717d18f11d70554d3bff46c2b156dc594b563cf7ce93d1,0x01 diff --git a/src/cz/crcs/ectester/data/composite/carmichael_512.csv b/src/cz/crcs/ectester/data/composite/carmichael_512.csv new file mode 100644 index 0000000..59d0b03 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/carmichael_512.csv @@ -0,0 +1 @@ +0x9c4dc6f1cd53c38d5af75215620fb6d643257fb1f658d3e5d3b5412dee1bce65b734e62f7a592cda1f6218a11d07f791503e00190b94521255c291e59a069367,0x624745292ab68c1d121cc5f7bda57be0be0fc2461c212494d44f4d522bf797f31c47ba99b44c7145313aebe5bb03893ed11cfc926082e51426cc2b4347746aa5,0x456e5b484249ffa61273c26a91941dd9f1153b4e972df10cfe7c32c64f8aa6ac0f9ec02b63dec7daff1f30eb1a5ac7b641671092f723175f092f13e5f41f1399,0x4348b5167f4f5d7c3d1265d5f08e08db97cd506b9b2e546d94065220597e79291c2c2ece0f6b904a2a8c39f3adc6706724b56dc26804e19e5fefce5a7763d241,0x61bc72b13f6954704e8d219c2d1a20824dc759503f49b8aed3de1acb1761d68a68fbc93064ba12cac87344690be9027e763e3889ae561904c68bc586407018db,0x9c4dc6f1cd53c38d5af75215620fb6d643257fb1f658d3e5d3b5412dee1bce670a65fd73b857d9d8111f52eb305cfc13d96ca09cdc88e257b289d02d3239d259,0x01 diff --git a/src/cz/crcs/ectester/data/composite/carmichael_521.csv b/src/cz/crcs/ectester/data/composite/carmichael_521.csv new file mode 100644 index 0000000..47ec1c3 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/carmichael_521.csv @@ -0,0 +1 @@ +0x011ebb4ebb42f370324a2b937a20c443f110e1e3c40ecb3eb63af873d0c86e7cce05e5416605f1fcfc8296c879bbea344084007bb8fc2c704d85fc4b7fcdc0a4a001,0x00be420c826bac034b4b24ba623a2551510f6663babc95d6741dd68ab05adf6cf2624b1d47fb76c7b0b3edae8c436befe0b5d536525bd662e911529d00c05437e1db,0x0087789843e5da542f34b7c9737db3f6dbaf515788f355b0e2e36d66eb65d1a183a95a88fb9ffa27807961581ed69473046df573baab472fca6a361228bf326fa7f7,0x00457d321b63688cff7ddb0c04fb4bec1b0da6b5af8cac11b9d6fdce431e80d4b48947329078a7c1c5ca9aeb351a2514f89ef8215adaad9af4f581df098fa088aba6,0x00c286d2f1e48e58787c83878624b273db0fa6c3de13e59e326c0f783a40056dd3623688156396986179d5ee97cf9df846ac7a3180a27a23a45cbb400d9553d8a659,0x11ebb4ebb42f370324a2b937a20c443f110e1e3c40ecb3eb63af873d0c86e7cce1752f780ce79d0886704c8603b16dbb491481c1b6682865a9b7f83440515fbe561,0x01 diff --git a/src/cz/crcs/ectester/data/composite/curves.xml b/src/cz/crcs/ectester/data/composite/curves.xml index 8cec330..c0d61c2 100644 --- a/src/cz/crcs/ectester/data/composite/curves.xml +++ b/src/cz/crcs/ectester/data/composite/curves.xml @@ -250,4 +250,54 @@ composite256_rg0.csv |G| divides r(so [r]G = infinity), but r != |G| = 0x743bc7ea193d40db + + + pp/carmichael128 + 128 + prime + carmichael_128.csv + r = Carmichael pseudoprime = 0x2ddbfe0f1f7 * 0x5bb7fc1e3ed * 0x8993fa2d5e3 + + + pp/carmichael192 + 192 + prime + carmichael_192.csv + r = Carmichael pseudoprime = 0x730ea70deea47eeb * 0xe61d4e1bdd48fdd5 * 0x1592bf529cbed7cbf + + + pp/carmichael224 + 224 + prime + carmichael_224.csv + r = Carmichael pseudoprime = 0x2e6e4205e9ea74ebefd * 0x5cdc840bd3d4e9d7df9 * 0x8b4ac611bdbf5ec3cf5 + + + pp/carmichael256 + 256 + prime + carmichael_256.csv + r = Carmichael pseudoprime = 0x129e94800bf86bd2d04ce1 * 0x253d290017f0d7a5a099c1 * 0x37dbbd8023e9437870e6a1 + + + pp/carmichael384 + 384 + prime + carmichael_384.csv + r = Carmichael pseudoprime = 0x78b4fa97e97300a5c46b32fb522cf76f * 0xf169f52fd2e6014b88d665f6a459eedd * 0x16a1eefc7bc5901f14d4198f1f686e64b + + + pp/carmichael512 + 512 + prime + carmichael_512.csv + r = Carmichael pseudoprime = 0x2f6e41969c169b4e97b0a1c46ca4fb3a8f294afaefb * 0x5edc832d382d369d2f614388d949f6751e5295f5df5 * 0x8e4ac4c3d443d1ebc711e54d45eef1afad7be0f0cef + + + pp/carmichael521 + 521 + prime + carmichael_521.csv + r = Carmichael pseudoprime = 0x170ac4fd154250e674f9ac6e0c29a214c6d6553e4f11 * 0x2e1589fa2a84a1cce9f358dc185344298dacaa7c9e21 * 0x45204ef73fc6f2b35eed054a247ce63e5482ffbaed31 + \ No newline at end of file diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java index b80a0e3..c4b3775 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java @@ -77,6 +77,11 @@ public class CardCompositeSuite extends CardTestSuite { List pqCurves = groupList.stream().filter((e) -> e.getKey().equals("pq")).findFirst().get().getValue(); testGroup(pqCurves, null, ExpectedValue.ANY, "", ""); + /* Also test having G or large order being a Carmichael pseudoprime, R = p * q * r, + */ + List ppCurves = groupList.stream().filter((e) -> e.getKey().equals("pp")).findFirst().get().getValue(); + testGroup(ppCurves, "Generator order = Carmichael pseudoprime", ExpectedValue.ANY, "", ""); + /* Also test rg0 curves. */ List rg0Curves = groupList.stream().filter((e) -> e.getKey().equals("rg0")).findFirst().get().getValue(); -- cgit v1.2.3-70-g09d2 From 762cc0c58f3e9b23077a3b0f88fe95232d02935d Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 16 Jul 2018 20:04:14 +0200 Subject: Add tests of increasingly larger prime R to better understand behavior of impls. --- docs/LIBS.md | 6 +- .../ectester/common/output/BaseTextTestWriter.java | 1 + src/cz/crcs/ectester/data/composite/curves.xml | 211 +++++++++++++++++++++ .../ectester/data/composite/varying/160/10.csv | 1 + .../ectester/data/composite/varying/160/112.csv | 1 + .../ectester/data/composite/varying/160/12.csv | 1 + .../ectester/data/composite/varying/160/128.csv | 1 + .../ectester/data/composite/varying/160/135.csv | 1 + .../ectester/data/composite/varying/160/14.csv | 1 + .../ectester/data/composite/varying/160/140.csv | 1 + .../ectester/data/composite/varying/160/144.csv | 1 + .../ectester/data/composite/varying/160/146.csv | 1 + .../ectester/data/composite/varying/160/148.csv | 1 + .../ectester/data/composite/varying/160/150.csv | 1 + .../ectester/data/composite/varying/160/152.csv | 1 + .../data/composite/varying/160/152_cofactor.csv | 1 + .../ectester/data/composite/varying/160/16.csv | 1 + .../crcs/ectester/data/composite/varying/160/2.csv | 1 + .../ectester/data/composite/varying/160/20.csv | 1 + .../ectester/data/composite/varying/160/25.csv | 1 + .../crcs/ectester/data/composite/varying/160/3.csv | 1 + .../ectester/data/composite/varying/160/32.csv | 1 + .../crcs/ectester/data/composite/varying/160/4.csv | 1 + .../ectester/data/composite/varying/160/48.csv | 1 + .../crcs/ectester/data/composite/varying/160/5.csv | 1 + .../crcs/ectester/data/composite/varying/160/6.csv | 1 + .../ectester/data/composite/varying/160/64.csv | 1 + .../crcs/ectester/data/composite/varying/160/7.csv | 1 + .../ectester/data/composite/varying/160/70.csv | 1 + .../crcs/ectester/data/composite/varying/160/8.csv | 1 + .../ectester/data/composite/varying/160/80.csv | 1 + .../ectester/data/composite/varying/160/90.csv | 1 + .../ectester/data/composite/varying/160/96.csv | 1 + .../ectester/reader/test/CardCompositeSuite.java | 12 +- 34 files changed, 255 insertions(+), 5 deletions(-) create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/10.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/112.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/12.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/128.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/135.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/14.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/140.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/144.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/146.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/148.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/150.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/152.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/152_cofactor.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/16.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/2.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/20.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/25.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/3.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/32.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/4.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/48.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/5.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/6.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/64.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/7.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/70.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/8.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/80.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/90.csv create mode 100644 src/cz/crcs/ectester/data/composite/varying/160/96.csv (limited to 'src/cz/crcs/ectester/reader/test/CardCompositeSuite.java') diff --git a/docs/LIBS.md b/docs/LIBS.md index 512dee2..903aef4 100644 --- a/docs/LIBS.md +++ b/docs/LIBS.md @@ -66,4 +66,8 @@ Popular libraries with at least some ECC support: - Uses Jacobian coordinates. - Sliding window scalar multiplication algorithm. - [Crypto++](https://cryptopp.com/) - - C++ \ No newline at end of file + - C++ + - For prime field curves: + - Uses projective coordinates and sliding window scalar multiplication algorithm. + - For binary field curves: + - Uses affine coordinates and sliding window scalar multiplication algorithm. \ No newline at end of file diff --git a/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java b/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java index ea28489..ee55069 100644 --- a/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java +++ b/src/cz/crcs/ectester/common/output/BaseTextTestWriter.java @@ -58,6 +58,7 @@ public abstract class BaseTextTestWriter implements TestWriter { if (prefix.equals("")) { char charLine[] = new char[BASE_WIDTH + 24]; new String(new char[BASE_WIDTH + 24]).replace("\0", "━").getChars(0, charLine.length - 1, charLine, 0); + charLine[0] = '■'; charLine[4] = '┳'; charLine[BASE_WIDTH + 1] = '┳'; charLine[BASE_WIDTH + 13] = '┳'; diff --git a/src/cz/crcs/ectester/data/composite/curves.xml b/src/cz/crcs/ectester/data/composite/curves.xml index c0d61c2..f1af987 100644 --- a/src/cz/crcs/ectester/data/composite/curves.xml +++ b/src/cz/crcs/ectester/data/composite/curves.xml @@ -300,4 +300,215 @@ carmichael_521.csv r = Carmichael pseudoprime = 0x170ac4fd154250e674f9ac6e0c29a214c6d6553e4f11 * 0x2e1589fa2a84a1cce9f358dc185344298dacaa7c9e21 * 0x45204ef73fc6f2b35eed054a247ce63e5482ffbaed31 + + + varying/160/2 + 160 + prime + varying/160/2.csv + r = 2 bit prime + + + varying/160/3 + 160 + prime + varying/160/3.csv + r = 3 bit prime + + + varying/160/4 + 160 + prime + varying/160/4.csv + r = 4 bit prime + + + varying/160/5 + 160 + prime + varying/160/5.csv + r = 5 bit prime + + + varying/160/6 + 160 + prime + varying/160/6.csv + r = 6 bit prime + + + varying/160/7 + 160 + prime + varying/160/7.csv + r = 7 bit prime + + + varying/160/8 + 160 + prime + varying/160/8.csv + r = 8 bit prime + + + varying/160/10 + 160 + prime + varying/160/10.csv + r = 10 bit prime + + + varying/160/12 + 160 + prime + varying/160/12.csv + r = 12 bit prime + + + varying/160/14 + 160 + prime + varying/160/14.csv + r = 14 bit prime + + + varying/160/16 + 160 + prime + varying/160/16.csv + r = 16 bit prime + + + varying/160/20 + 160 + prime + varying/160/20.csv + r = 20 bit prime + + + varying/160/25 + 160 + prime + varying/160/25.csv + r = 25 bit prime + + + varying/160/32 + 160 + prime + varying/160/32.csv + r = 32 bit prime + + + varying/160/48 + 160 + prime + varying/160/48.csv + r = 48 bit prime + + + varying/160/64 + 160 + prime + varying/160/64.csv + r = 64 bit prime + + + varying/160/70 + 160 + prime + varying/160/70.csv + r = 70 bit prime + + + varying/160/80 + 160 + prime + varying/160/80.csv + r = 80 bit prime + + + varying/160/90 + 160 + prime + varying/160/90.csv + r = 90 bit prime + + + varying/160/96 + 160 + prime + varying/160/96.csv + r = 96 bit prime + + + varying/160/112 + 160 + prime + varying/160/112.csv + r = 112 bit prime + + + varying/160/128 + 160 + prime + varying/160/128.csv + r = 128 bit prime + + + varying/160/135 + 160 + prime + varying/160/135.csv + r = 135 bit prime + + + varying/160/140 + 160 + prime + varying/160/140.csv + r = 140 bit prime + + + varying/160/144 + 160 + prime + varying/160/144.csv + r = 144 bit prime + + + varying/160/146 + 160 + prime + varying/160/146.csv + r = 146 bit prime + + + varying/160/148 + 160 + prime + varying/160/148.csv + r = 148 bit prime + + + varying/160/150 + 160 + prime + varying/160/150.csv + r = 150 bit prime + + + varying/160/152 + 160 + prime + varying/160/152.csv + r = 152 bit prime + + + varying/160/152cofactor + 160 + prime + varying/160/152_cofactor.csv + r = 152 bit prime, with correct cofactor + \ No newline at end of file diff --git a/src/cz/crcs/ectester/data/composite/varying/160/10.csv b/src/cz/crcs/ectester/data/composite/varying/160/10.csv new file mode 100644 index 0000000..5fa842a --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/10.csv @@ -0,0 +1 @@ +0xb1c8eb4d314d22f1bdb2294eaed063e64f580611,0x6a1a4b89dc64200e98c46af58e8d7d0a52aba862,0xa0c9a0d9070ceefcaa3f2324668d6e3e9a3bf8f7,0x4b517e44056658e1f778d6c1075eefc644eaae5e,0x15ca498bd6ab9519c5be6f29882cbc68e47479cd,0x0000000000000000000000000000000000000337,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/112.csv b/src/cz/crcs/ectester/data/composite/varying/160/112.csv new file mode 100644 index 0000000..633ccd5 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/112.csv @@ -0,0 +1 @@ +0x9f3386530aa0a8009acbbe9caa919f72c8d5730f,0x33f8b03510268eb1ca33c2996ddacec1b314c5a6,0x4d9b3a2737345fe43069f306eabdc123e8e847b2,0x803f5afafe7ccb0433355eaf7a1aa1e93d1161b0,0x702c66bf3f3235fbcf3e2a7bf3bf56a69169d1c1,0x000000000000c978cb903a08ddcef1daa40de1f5,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/12.csv b/src/cz/crcs/ectester/data/composite/varying/160/12.csv new file mode 100644 index 0000000..62bb1a0 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/12.csv @@ -0,0 +1 @@ +0xa7d15a5258f4f3855cb22ce8d00571133e8ad0f3,0x61f9830a932a4cdd257061624f3b820e9b91db6e,0x758ee90aa5d7fe797c4817d0c2011f062a263429,0x4f448e668102ec49a2042cf2c15f9879d2d14068,0x05043866b8c4d47377f25942b075e835b121ceeb,0x0000000000000000000000000000000000000c25,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/128.csv b/src/cz/crcs/ectester/data/composite/varying/160/128.csv new file mode 100644 index 0000000..5f8c532 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/128.csv @@ -0,0 +1 @@ +0xb13f0d997960752db0a77c95ade4843941645c87,0x7acba0516ea114053bc3e8fa026857990e610d4b,0x7f9755351f5279758bde2b9739c5f907d159ff26,0x08010035ebd4107beb815893817f2b00f7911d96,0x932569a7385306a3b33e4669100feda47db97168,0x00000000c85d322721a790e50860fee459f6292f,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/135.csv b/src/cz/crcs/ectester/data/composite/varying/160/135.csv new file mode 100644 index 0000000..232abff --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/135.csv @@ -0,0 +1 @@ +0xd3f3289b14ab182f38b78fab5dbaf3674c02597d,0xb8880d01c2b44c8a27805524913e438e6458411d,0x89482f3814165014cc30b134849ead387c7ad048,0xc44043b00f6f65000cb63a22fbbb0785985d0699,0x6097e0e529330900f844ccd27a69a96b16509c16,0x0000006c7fcc23ea5ce765d52954b58745d67e81,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/14.csv b/src/cz/crcs/ectester/data/composite/varying/160/14.csv new file mode 100644 index 0000000..c8df53e --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/14.csv @@ -0,0 +1 @@ +0xbdf7ada7a57600f5d5b371b51218a619536cebc7,0x799707863618aaaffb5d46ca3427d6cfecdc6476,0x590f7e7193a997a2b60ab8e31107f1832473290b,0x795684e5a9816c14dff9c8b509c8c87afa3bbbc3,0xaabbea132ba2097d8025a5387aed8482147c530a,0x0000000000000000000000000000000000003437,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/140.csv b/src/cz/crcs/ectester/data/composite/varying/160/140.csv new file mode 100644 index 0000000..4d59858 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/140.csv @@ -0,0 +1 @@ +0xcf8ecac9bc992d2df7ba9015b5bdcbdf2d1c2aa9,0xa067f72ab472977a150f4684df8e9ccee909489f,0x080cac1702258fce0fbafbdb4f861ad4554a05c6,0xa4601066e4fcb7308022ac922a3a1475197e723e,0x0a210871677b6b921846b4ff0c055cd93f2aa275,0x00000fe55175f2c1fc9827ef4997357705b40a5d,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/144.csv b/src/cz/crcs/ectester/data/composite/varying/160/144.csv new file mode 100644 index 0000000..e8c6492 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/144.csv @@ -0,0 +1 @@ +0xc4bfe673203f80fd04c89a5942c18074bcc2a719,0x9d4a0edafeb576559fe95f1dfde0e006a9e0f6fb,0x2c075927ef142a14c84de72b208e8b5ee1d762b0,0x5a808971a0093ceadb15cf76068c5e7c3c4269b1,0x27a0f2741a55767ef3175461120c5f42a5b54f4f,0x0000d9935a273b9b1402519925d6a6a8b4f9342b,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/146.csv b/src/cz/crcs/ectester/data/composite/varying/160/146.csv new file mode 100644 index 0000000..f656c72 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/146.csv @@ -0,0 +1 @@ +0xbdf7ada7a57600f5d5b371b51218a619536cebc7,0x799707863618aaaffb5d46ca3427d6cfecdc6476,0x590f7e7193a997a2b60ab8e31107f1832473290b,0x4ccf365eda5a0e85438b6df2bf57d668cf5d8192,0x702b5f386587f0d85e6cf56b511de035b62c4379,0x0003a3606233edce56cac59bd01e622561e99e77,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/148.csv b/src/cz/crcs/ectester/data/composite/varying/160/148.csv new file mode 100644 index 0000000..b292889 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/148.csv @@ -0,0 +1 @@ +0xa7d15a5258f4f3855cb22ce8d00571133e8ad0f3,0x61f9830a932a4cdd257061624f3b820e9b91db6e,0x758ee90aa5d7fe797c4817d0c2011f062a263429,0x356da5d90cef81adb97a8cc3e95861fc156ab6c3,0x63ea1cb827821f6d3599e303594a4e21911971a3,0x000dd1818cc0197085816a97b6056c3917bb32d9,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/150.csv b/src/cz/crcs/ectester/data/composite/varying/160/150.csv new file mode 100644 index 0000000..c1bf12e --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/150.csv @@ -0,0 +1 @@ +0xb1c8eb4d314d22f1bdb2294eaed063e64f580611,0x6a1a4b89dc64200e98c46af58e8d7d0a52aba862,0xa0c9a0d9070ceefcaa3f2324668d6e3e9a3bf8f7,0x39ce0be4410100e1349fae8ec18fabb91f1816dd,0x3a44dee9ecb21038fb8c3e987e285f09b456bdc7,0x00374d1df48d00aa21837b6f9717173eb656c659,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/152.csv b/src/cz/crcs/ectester/data/composite/varying/160/152.csv new file mode 100644 index 0000000..24a03ba --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/152.csv @@ -0,0 +1 @@ +0xc9d72249375ff1884a80e426e79315f02fb6904f,0x003ce7e6420986df1c87895fe1b83ed86f93cf10,0x7ed71b8a343a6d4da4220123d2b3405d9e4f813f,0x3f30626d74214324e1ee6c97341abe2a9b2bdd07,0x17fb8a3dc06dc7680485871fc3ed4f8e8e662778,0x00e7b588f02d33982511ca6ab8485259bf119a2f,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/152_cofactor.csv b/src/cz/crcs/ectester/data/composite/varying/160/152_cofactor.csv new file mode 100644 index 0000000..7861bbd --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/152_cofactor.csv @@ -0,0 +1 @@ +0xc9d72249375ff1884a80e426e79315f02fb6904f,0x003ce7e6420986df1c87895fe1b83ed86f93cf10,0x7ed71b8a343a6d4da4220123d2b3405d9e4f813f,0x3f30626d74214324e1ee6c97341abe2a9b2bdd07,0x17fb8a3dc06dc7680485871fc3ed4f8e8e662778,0x00e7b588f02d33982511ca6ab8485259bf119a2f,0xdf diff --git a/src/cz/crcs/ectester/data/composite/varying/160/16.csv b/src/cz/crcs/ectester/data/composite/varying/160/16.csv new file mode 100644 index 0000000..fd76ff7 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/16.csv @@ -0,0 +1 @@ +0xc4bfe673203f80fd04c89a5942c18074bcc2a719,0x9d4a0edafeb576559fe95f1dfde0e006a9e0f6fb,0x2c075927ef142a14c84de72b208e8b5ee1d762b0,0x364591432aca4ab7e451866819263e32f57fa052,0x634d15df260f3bb8e92cd0d4940d176e2d97bddc,0x000000000000000000000000000000000000e77f,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/2.csv b/src/cz/crcs/ectester/data/composite/varying/160/2.csv new file mode 100644 index 0000000..670f4bc --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/2.csv @@ -0,0 +1 @@ +0x7b6d7f82beae015788a67ad391bb68ad720ba991,0x6f222dd4f5ec04fdb0202f461d10c3fa1cec6d45,0x2792a26122d154d68bdb523330a06cc252894165,0x50fa49d7061feaeec4f4f4592744d26decd6243a,0x0000000000000000000000000000000000000000,0x0000000000000000000000000000000000000002,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/20.csv b/src/cz/crcs/ectester/data/composite/varying/160/20.csv new file mode 100644 index 0000000..940d10c --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/20.csv @@ -0,0 +1 @@ +0xcf8ecac9bc992d2df7ba9015b5bdcbdf2d1c2aa9,0xa067f72ab472977a150f4684df8e9ccee909489f,0x080cac1702258fce0fbafbdb4f861ad4554a05c6,0x4c4356d56316d6556e7b427a3e1aacd1c1805a8a,0x3d55e3b1904c5e66c75b00710068ffaec4a60ddb,0x00000000000000000000000000000000000d0eb3,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/25.csv b/src/cz/crcs/ectester/data/composite/varying/160/25.csv new file mode 100644 index 0000000..318099b --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/25.csv @@ -0,0 +1 @@ +0xd3f3289b14ab182f38b78fab5dbaf3674c02597d,0xb8880d01c2b44c8a27805524913e438e6458411d,0x89482f3814165014cc30b134849ead387c7ad048,0x593ddf0087b88e469110d12067c86b00bb6f219d,0x968f74b30717f0ca56749382ba5aece4182b35d6,0x0000000000000000000000000000000001f4168b,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/3.csv b/src/cz/crcs/ectester/data/composite/varying/160/3.csv new file mode 100644 index 0000000..18ec491 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/3.csv @@ -0,0 +1 @@ +0xd41869824871ccc03ff87bd99c9a6d2eb7c557bd,0x80b0b37638bd5678af01089dbc13a8674ad96422,0x4c2d8f41681795f138af380c86c98e1d6ee2f3a4,0x6597db8eade96de1d5a546172358d578985e4802,0xa8f85050990cbd2d365b4ef44ead757bfb9af8b5,0x0000000000000000000000000000000000000007,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/32.csv b/src/cz/crcs/ectester/data/composite/varying/160/32.csv new file mode 100644 index 0000000..fddfeee --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/32.csv @@ -0,0 +1 @@ +0xb13f0d997960752db0a77c95ade4843941645c87,0x7acba0516ea114053bc3e8fa026857990e610d4b,0x7f9755351f5279758bde2b9739c5f907d159ff26,0x4ce786a838268215724f1edae0ddec658ef20e6a,0xaeaa4f03aefbbf5fbaeb393ca859d8f27ca56a32,0x00000000000000000000000000000000e2768a75,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/4.csv b/src/cz/crcs/ectester/data/composite/varying/160/4.csv new file mode 100644 index 0000000..a5b9e09 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/4.csv @@ -0,0 +1 @@ +0xb12cff876adc5a923ed34fcd10143de02f8e0369,0x6cb241142b8fb14f45608aec44a325ad195044b5,0xa7cb4cbde8d7792bee9d4856d80df54cdc925b1f,0x07527e2751335207ab0ddb4d5692c7d9219990f5,0x1d1cd5f91fce22653562dd0534ddb861e7005cb6,0x000000000000000000000000000000000000000d,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/48.csv b/src/cz/crcs/ectester/data/composite/varying/160/48.csv new file mode 100644 index 0000000..202a15b --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/48.csv @@ -0,0 +1 @@ +0x9f3386530aa0a8009acbbe9caa919f72c8d5730f,0x33f8b03510268eb1ca33c2996ddacec1b314c5a6,0x4d9b3a2737345fe43069f306eabdc123e8e847b2,0x0f1ca7149bc1933e1e7efdc55c325df7ad4ba562,0x3b689e90dec0b6c85d679d970278d0f9fa30f013,0x0000000000000000000000000000ca49f6d457c1,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/5.csv b/src/cz/crcs/ectester/data/composite/varying/160/5.csv new file mode 100644 index 0000000..5f0597c --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/5.csv @@ -0,0 +1 @@ +0xe13cc8432dad5ed8a4d2893803957c1e109e0c8f,0x7102ce05e08a10ffe665313cece127f5ff590473,0x2dcb47653c268fc7b0f767ae66fcefc98055399c,0x2c4b06f7428dda4532fbea727c7b1f84782e9762,0x4406bb147b080724d2be46eb15327dd350d7307a,0x000000000000000000000000000000000000001f,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/6.csv b/src/cz/crcs/ectester/data/composite/varying/160/6.csv new file mode 100644 index 0000000..9c1528f --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/6.csv @@ -0,0 +1 @@ +0xe9e74933088156a9f60b0f23253fe21ce259d783,0x6a01bdfb7c22fa778456edc767d0f61895561f27,0x27591495bbaf4845cf807f59d3091b0ec830b080,0xb956503ece30bccd9dc08bc76da995e390b2d0ea,0x30ca629aa64506f2b5e6c71fe7dea2c4284d1a2a,0x000000000000000000000000000000000000003d,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/64.csv b/src/cz/crcs/ectester/data/composite/varying/160/64.csv new file mode 100644 index 0000000..94a2709 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/64.csv @@ -0,0 +1 @@ +0xba824697c3ac48fbf53bdc6997a10f2e9e9d24fd,0x00878d8c00cc5b137d7ee7f3defe3ee2d614112e,0x439154313b1e0b63a3cf445a67af1f2f9442238c,0x33e0dfbcd3bdbd0a3d98254c8c706852ac9160ec,0xb0895e2997ef93d8b9500068855afeff515284c3,0x000000000000000000000000ee49fe4c5b77e201,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/7.csv b/src/cz/crcs/ectester/data/composite/varying/160/7.csv new file mode 100644 index 0000000..170b180 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/7.csv @@ -0,0 +1 @@ +0xb7a0a5730514d83583a708acd53a492d970022bd,0x6ee6d2a43a4daf1c0190aaf2384644b59b1c7f11,0x1835fc673409a0265da795eb4d0ad15358b3369a,0x0fee93a779b05c49623527d2a0af78315efbded6,0xb75b77ea3261bf5713cdec1cdd7251dff38232d6,0x0000000000000000000000000000000000000065,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/70.csv b/src/cz/crcs/ectester/data/composite/varying/160/70.csv new file mode 100644 index 0000000..1dbf9c0 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/70.csv @@ -0,0 +1 @@ +0xcc0786de97196a16f433bd40cd1932999867b103,0x7a58470e1615f4676bfc6fc57d71c99285a56919,0xa047dff6287d28be79b09ce6a398b57e8c2a97e9,0x570bda529a23c0a651113cdb5083439d3a6fd30c,0x9d71ecbe74fb180d08a7bdbb77e6aad40d2146b7,0x00000000000000000000003ba788abd620e775e7,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/8.csv b/src/cz/crcs/ectester/data/composite/varying/160/8.csv new file mode 100644 index 0000000..232df05 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/8.csv @@ -0,0 +1 @@ +0xc9d72249375ff1884a80e426e79315f02fb6904f,0x003ce7e6420986df1c87895fe1b83ed86f93cf10,0x7ed71b8a343a6d4da4220123d2b3405d9e4f813f,0x083e1d65a5ebcf6f98f2202ea5bfe021db0ce40e,0x16947d2cf97c654222c015b6ff56b9471f9518a9,0x00000000000000000000000000000000000000df,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/80.csv b/src/cz/crcs/ectester/data/composite/varying/160/80.csv new file mode 100644 index 0000000..da082ef --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/80.csv @@ -0,0 +1 @@ +0xd84ff9bc6df5a2f01d087f4c5e35ae905eb55e13,0xa50dbf4c40d4455f045c249b655b146d5d07a8a3,0xd6aed5bd031f7c3af319cdf03d45ee1b2e5c72ae,0x3a2b110757656c93362455ad480d38207b826d38,0x9cf1881da1e1f10777900f8c18996e8fbd3e470f,0x00000000000000000000e74bbc29baa61aca49d1,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/90.csv b/src/cz/crcs/ectester/data/composite/varying/160/90.csv new file mode 100644 index 0000000..d67e673 --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/90.csv @@ -0,0 +1 @@ +0xcc0786de97196a16f433bd40cd1932999867b103,0x7a58470e1615f4676bfc6fc57d71c99285a56919,0xa047dff6287d28be79b09ce6a398b57e8c2a97e9,0x353f1f34902fb9c28b62c145369afa64b301e48c,0x0fd9c5d52882c2af8b99b5209bd80e44839c2e2e,0x0000000000000000036b917bc29fe57e7df01d13,0x01 diff --git a/src/cz/crcs/ectester/data/composite/varying/160/96.csv b/src/cz/crcs/ectester/data/composite/varying/160/96.csv new file mode 100644 index 0000000..5dd2d5c --- /dev/null +++ b/src/cz/crcs/ectester/data/composite/varying/160/96.csv @@ -0,0 +1 @@ +0xba824697c3ac48fbf53bdc6997a10f2e9e9d24fd,0x00878d8c00cc5b137d7ee7f3defe3ee2d614112e,0x439154313b1e0b63a3cf445a67af1f2f9442238c,0x5fb9809c2f608e2fb788c735d0233b2dd1cbc243,0x4e71dd0a87b3d4ff1689a77829ba527781f21cbd,0x0000000000000000c85f0b3dd7355b3a516de59b,0x01 diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java index c4b3775..5de8608 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java @@ -47,13 +47,12 @@ public class CardCompositeSuite extends CardTestSuite { continue; } tests.add(allocate); + tests.add(CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.ANY)); + tests.add(CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_LOCAL), ExpectedValue.ANY)); for (EC_Key key : curveKeys.getValue()) { - Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), ExpectedValue.ANY); - Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_LOCAL), ExpectedValue.ANY); Command ecdhCommand = new Command.ECDH_direct(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH, key.flatten()); Test ecdh = CommandTest.expect(ecdhCommand, ExpectedValue.FAILURE, "Card correctly rejected to do ECDH over a composite order curve.", "Card incorrectly does ECDH over a composite order curve, leaks bits of private key."); - - tests.add(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ", " + key.getDesc(), set, generate, ecdh)); + tests.add(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ", " + key.getDesc(), ecdh)); } doTest(CompoundTest.all(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ".", tests.toArray(new Test[0]))); new Command.Cleanup(this.card).send(); @@ -72,6 +71,11 @@ public class CardCompositeSuite extends CardTestSuite { List smallRCurves = groupList.stream().filter((e) -> e.getKey().equals("small")).findFirst().get().getValue(); testGroup(smallRCurves, "Small generator order", ExpectedValue.FAILURE, "Card correctly rejected to do ECDH over a small order generator.", "Card incorrectly does ECDH over a small order generator."); + /* Test increasingly larger prime R, to determine where/if card behavior changes. + */ + List varyingCurves = groupList.stream().filter((e) -> e.getKey().equals("varying")).findFirst().get().getValue(); + testGroup(varyingCurves, null, ExpectedValue.ANY, "", ""); + /* Also test having a G of large but composite order, R = p * q, */ List pqCurves = groupList.stream().filter((e) -> e.getKey().equals("pq")).findFirst().get().getValue(); -- cgit v1.2.3-70-g09d2 From c04d4fdc26f7483beb4e56e838f9ba0c2e81560b Mon Sep 17 00:00:00 2001 From: J08nY Date: Sun, 22 Jul 2018 13:15:21 +0200 Subject: Add option for cleanup. --- src/cz/crcs/ectester/reader/ECTesterReader.java | 33 +++++++--- .../ectester/reader/test/CardCofactorSuite.java | 8 ++- .../ectester/reader/test/CardCompositeSuite.java | 10 +-- .../ectester/reader/test/CardCompressionSuite.java | 4 +- .../ectester/reader/test/CardDefaultSuite.java | 12 +++- .../ectester/reader/test/CardDegenerateSuite.java | 8 ++- .../ectester/reader/test/CardEdgeCasesSuite.java | 73 +++++++++++++++++++++- .../ectester/reader/test/CardInvalidSuite.java | 14 +++-- .../crcs/ectester/reader/test/CardMiscSuite.java | 8 ++- .../ectester/reader/test/CardTestVectorSuite.java | 9 ++- .../crcs/ectester/reader/test/CardTwistSuite.java | 14 +++-- .../crcs/ectester/reader/test/CardWrongSuite.java | 19 +++++- .../ectester/standalone/output/TextTestWriter.java | 2 +- 13 files changed, 175 insertions(+), 39 deletions(-) (limited to 'src/cz/crcs/ectester/reader/test/CardCompositeSuite.java') diff --git a/src/cz/crcs/ectester/reader/ECTesterReader.java b/src/cz/crcs/ectester/reader/ECTesterReader.java index 325f3a8..e8863dc 100644 --- a/src/cz/crcs/ectester/reader/ECTesterReader.java +++ b/src/cz/crcs/ectester/reader/ECTesterReader.java @@ -89,10 +89,12 @@ public class ECTesterReader { Manifest manifest = new Manifest(url.openStream()); String commit = manifest.getMainAttributes().getValue("Git-Commit"); GIT_COMMIT = (commit == null) ? "" : "(git " + commit + ")"; - } catch (Exception ignored) { } + } catch (Exception ignored) { + } DESCRIPTION = "ECTesterReader " + VERSION + GIT_COMMIT + ", a javacard Elliptic Curve Cryptography support tester/utility."; - CLI_HEADER = "\n" + DESCRIPTION + "\n\n";; + CLI_HEADER = "\n" + DESCRIPTION + "\n\n"; + ; } private void run(String[] args) { @@ -260,6 +262,7 @@ public class ECTesterReader { * -l / --log [log_file] * * -f / --fresh + * --cleanup * -s / --simulate * -y / --yes * -ka/ --ka-type @@ -316,6 +319,7 @@ public class ECTesterReader { opts.addOption(Option.builder().longOpt("format").desc("Output format to use. One of: text,yml,xml.").hasArg().argName("format").build()); opts.addOption(Option.builder("f").longOpt("fresh").desc("Generate fresh keys (set domain parameters before every generation).").build()); + opts.addOption(Option.builder().longOpt("cleanup").desc("Send the cleanup command trigerring JCSystem.requestObjectDeletion() after some operations.").build()); opts.addOption(Option.builder("s").longOpt("simulate").desc("Simulate a card with jcardsim instead of using a terminal.").build()); opts.addOption(Option.builder("y").longOpt("yes").desc("Accept all warnings and prompts.").build()); @@ -376,6 +380,10 @@ public class ECTesterReader { for (Response r : sent) { respWriter.outputResponse(r); } + if (cfg.cleanup) { + Response cleanup = new Command.Cleanup(cardManager).send(); + respWriter.outputResponse(cleanup); + } EC_Params exported = new EC_Params(domain, export.getParams()); @@ -432,8 +440,10 @@ public class ECTesterReader { keysFile.flush(); generated++; } - Response cleanup = new Command.Cleanup(cardManager).send(); - respWriter.outputResponse(cleanup); + if (cfg.cleanup) { + Response cleanup = new Command.Cleanup(cardManager).send(); + respWriter.outputResponse(cleanup); + } keysFile.close(); } @@ -573,8 +583,10 @@ public class ECTesterReader { ++done; } - Response cleanup = new Command.Cleanup(cardManager).send(); - respWriter.outputResponse(cleanup); + if (cfg.cleanup) { + Response cleanup = new Command.Cleanup(cardManager).send(); + respWriter.outputResponse(cleanup); + } if (out != null) out.close(); @@ -646,9 +658,10 @@ public class ECTesterReader { ++done; } - Response cleanup = new Command.Cleanup(cardManager).send(); - respWriter.outputResponse(cleanup); - + if (cfg.cleanup) { + Response cleanup = new Command.Cleanup(cardManager).send(); + respWriter.outputResponse(cleanup); + } if (out != null) out.close(); } @@ -691,6 +704,7 @@ public class ECTesterReader { public String input; public String[] outputs; public boolean fresh = false; + public boolean cleanup = false; public boolean simulate = false; public boolean yes = false; public String format; @@ -745,6 +759,7 @@ public class ECTesterReader { input = cli.getOptionValue("input"); outputs = cli.getOptionValues("output"); fresh = cli.hasOption("fresh"); + cleanup = cli.hasOption("cleanup"); simulate = cli.hasOption("simulate"); yes = cli.hasOption("yes"); color = cli.hasOption("color"); diff --git a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java index 762dc88..39024b8 100644 --- a/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCofactorSuite.java @@ -65,9 +65,13 @@ public class CardCofactorSuite extends CardTestSuite { Test ecdsa = CompoundTest.all(ExpectedValue.SUCCESS, "Verify random ECDSA signature by public points on non-generator subgroup.", ecdsaTests.toArray(new Test[0])); Test tests = CompoundTest.all(ExpectedValue.SUCCESS, "Perform ECDH and ECDSA tests.", ecdh, ecdsa); - Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); - doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, tests, cleanup)); + if (cfg.cleanup) { + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, tests, cleanup)); + } else { + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Cofactor test of " + curve.getId() + ".", prepare, tests)); + } } } } diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java index 5de8608..ec56901 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java @@ -55,7 +55,6 @@ public class CardCompositeSuite extends CardTestSuite { tests.add(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ", " + key.getDesc(), ecdh)); } doTest(CompoundTest.all(ExpectedValue.SUCCESS, "Composite test of " + curve.getId() + ".", tests.toArray(new Test[0]))); - new Command.Cleanup(this.card).send(); } @@ -105,9 +104,12 @@ public class CardCompositeSuite extends CardTestSuite { } else { description = testName + " test of " + curve.getId() + "."; } - Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); - - doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, ecdh, cleanup)); + if (cfg.cleanup) { + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, ecdh, cleanup)); + } else { + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, description, allocate, set, generate, ecdh)); + } } } diff --git a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java index 19c452c..5e8f600 100644 --- a/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardCompressionSuite.java @@ -112,7 +112,9 @@ public class CardCompressionSuite extends CardTestSuite { } } compressionTests.addAll(kaTests); - compressionTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS)); + if (cfg.cleanup) { + compressionTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS)); + } doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, "Compression test of " + spec + ".", compressionTests.toArray(new Test[0]))); } diff --git a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java index 554003b..fa9bfd0 100644 --- a/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardDefaultSuite.java @@ -16,6 +16,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Random; import java.util.function.Function; +import java.util.stream.Collectors; +import java.util.stream.Stream; import static cz.crcs.ectester.common.test.Result.ExpectedValue; import static cz.crcs.ectester.common.test.Result.Value; @@ -126,10 +128,14 @@ public class CardDefaultSuite extends CardTestSuite { } Test signTest = runTest(CompoundTest.any(ExpectedValue.SUCCESS, "Signature tests.", signTests.toArray(new Test[0]))); supportTests.add(signTest); - supportTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS)); + ExpectedValue[] testExpects = {ExpectedValue.SUCCESS, ExpectedValue.ANY, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS}; + List expects = Stream.of(testExpects).collect(Collectors.toList()); + if (cfg.cleanup) { + supportTests.add(CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS)); + expects.add(ExpectedValue.ANY); + } - ExpectedValue[] testExpects = {ExpectedValue.SUCCESS, ExpectedValue.ANY, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.SUCCESS, ExpectedValue.ANY}; - doTest(CompoundTest.mask(testExpects, "Tests of " + keyLength + "b " + CardUtil.getKeyTypeString(field) + " support.", supportTests.toArray(new Test[0]))); + doTest(CompoundTest.mask(expects.toArray(new ExpectedValue[0]), "Tests of " + keyLength + "b " + CardUtil.getKeyTypeString(field) + " support.", supportTests.toArray(new Test[0]))); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java index c3cf51c..064c6cb 100644 --- a/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardDegenerateSuite.java @@ -47,9 +47,13 @@ public class CardDegenerateSuite extends CardTestSuite { ecdhTests.add(CommandTest.expect(ecdhCommand, Result.ExpectedValue.FAILURE, "Card correctly rejected point on degenerate curve.", "Card incorrectly accepted point on degenerate curve.")); } Test ecdh = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH with degenerate public points", ecdhTests.toArray(new Test[0])); - Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); + if (cfg.cleanup) { + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId(), prepare, ecdh, cleanup)); + } else { + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId(), prepare, ecdh)); + } - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Degenerate curve test of " + curve.getId(), prepare, ecdh, cleanup)); } } } diff --git a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java index 211dc58..efc79a9 100644 --- a/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardEdgeCasesSuite.java @@ -5,30 +5,37 @@ import cz.crcs.ectester.applet.EC_Consts; import cz.crcs.ectester.common.ec.EC_Curve; import cz.crcs.ectester.common.ec.EC_KAResult; import cz.crcs.ectester.common.ec.EC_Key; +import cz.crcs.ectester.common.ec.EC_Params; import cz.crcs.ectester.common.output.TestWriter; import cz.crcs.ectester.common.test.CompoundTest; import cz.crcs.ectester.common.test.Result; import cz.crcs.ectester.common.test.Test; import cz.crcs.ectester.common.test.TestCallback; import cz.crcs.ectester.common.util.ByteUtil; +import cz.crcs.ectester.common.util.ECUtil; import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.reader.CardMngr; import cz.crcs.ectester.reader.ECTesterReader; import cz.crcs.ectester.reader.command.Command; import cz.crcs.ectester.reader.response.Response; import javacard.security.CryptoException; +import javacard.security.KeyPair; +import java.math.BigInteger; import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.Random; +import java.util.stream.Collectors; /** * @author Jan Jancar johny@neuromancer.sk */ public class CardEdgeCasesSuite extends CardTestSuite { public CardEdgeCasesSuite(TestWriter writer, ECTesterReader.Config cfg, CardMngr cardManager) { - super(writer, cfg, cardManager, "edge-cases", "The edge-cases test suite tests various inputs to ECDH which may cause an implementation to achieve a certain edge-case state during ECDH.", - "Some of the data is from the google/Wycheproof project. Tests include CVE-2017-10176 and CVE-2017-8932."); + super(writer, cfg, cardManager, "edge-cases", "The edge-cases test suite tests various inputs to ECDH which may cause an implementation to achieve a certain edge-case state during it.", + "Some of the data is from the google/Wycheproof project. Tests include CVE-2017-10176 and CVE-2017-8932.", + "Various edge private key values are also tested."); } @Override @@ -104,5 +111,67 @@ public class CardEdgeCasesSuite extends CardTestSuite { } doTest(CompoundTest.all(Result.ExpectedValue.SUCCESS, description, groupTests.toArray(new Test[0]))); } + + // test: + // - s = 0, s = 1 + // - s < r, s = r, s > r + // - s = r - 1, s = r + 1 + // - s = kr + 1, s = kr, s = kr - 1 + Map curveMap = EC_Store.getInstance().getObjects(EC_Curve.class, "secg"); + List curves = curveMap.entrySet().stream().filter((e) -> e.getKey().endsWith("r1")).map(Map.Entry::getValue).collect(Collectors.toList()); + Random rand = new Random(); + for (EC_Curve curve : curves) { + Test key = runTest(CommandTest.expect(new Command.Allocate(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, KeyPair.ALG_EC_FP), Result.ExpectedValue.SUCCESS)); + if (!key.ok()) { + doTest(CompoundTest.all(Result.ExpectedValue.FAILURE, "No support for " + curve.getBits() + "b ALG_EC_FP.", key)); + continue; + } + Test set = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, curve.getParams(), curve.flatten()), Result.ExpectedValue.SUCCESS); + Test generate = CommandTest.expect(new Command.Generate(this.card, ECTesterApplet.KEYPAIR_LOCAL), Result.ExpectedValue.SUCCESS); + Test setup = CompoundTest.all(Result.ExpectedValue.SUCCESS, "KeyPair setup.", key, set, generate); + + Test zeroS = CommandTest.expect(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, EC_Consts.PARAMETER_S, EC_Consts.TRANSFORMATION_ZERO), Result.ExpectedValue.FAILURE); + Test oneS = CommandTest.expect(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, EC_Consts.PARAMETER_S, EC_Consts.TRANSFORMATION_ONE), Result.ExpectedValue.FAILURE); + + byte[] r = curve.getParam(EC_Consts.PARAMETER_R)[0]; + BigInteger R = new BigInteger(1, r); + BigInteger smaller = new BigInteger(curve.getBits(), rand).mod(R); + BigInteger larger; + do { + larger = new BigInteger(curve.getBits(), rand); + } while (larger.compareTo(R) <= 0); + + EC_Params smallerParams = makeParams(smaller, curve.getBits()); + Test smallerS = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, smallerParams.getParams(), smallerParams.flatten()), Result.ExpectedValue.FAILURE); + + EC_Params exactParams = makeParams(R, curve.getBits()); + Test exactS = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, exactParams.getParams(), exactParams.flatten()), Result.ExpectedValue.FAILURE); + + EC_Params largerParams = makeParams(larger, curve.getBits()); + Test largerS = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, largerParams.getParams(), largerParams.flatten()), Result.ExpectedValue.FAILURE); + + BigInteger rm1 = R.subtract(BigInteger.ONE); + BigInteger rp1 = R.add(BigInteger.ONE); + + EC_Params rm1Params = makeParams(rm1, curve.getBits()); + Test rm1S = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, rm1Params.getParams(), rm1Params.flatten()), Result.ExpectedValue.FAILURE); + + EC_Params rp1Params = makeParams(rp1, curve.getBits()); + Test rp1S = CommandTest.expect(new Command.Set(this.card, ECTesterApplet.KEYPAIR_REMOTE, EC_Consts.CURVE_external, rp1Params.getParams(), rp1Params.flatten()), Result.ExpectedValue.FAILURE); + + byte[] k = curve.getParam(EC_Consts.PARAMETER_K)[0]; + BigInteger K = new BigInteger(1, k); + BigInteger kr = K.multiply(R); + BigInteger krp1 = kr.add(BigInteger.ONE); + BigInteger krm1 = kr.subtract(BigInteger.ONE); + } + } + + private EC_Params makeParams(BigInteger s, int keylen) { + return makeParams(ECUtil.toByteArray(s, keylen)); + } + + private EC_Params makeParams(byte[] s) { + return new EC_Params(EC_Consts.PARAMETER_S, new byte[][]{s}); } } diff --git a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java index 60afe75..59a427f 100644 --- a/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardInvalidSuite.java @@ -13,7 +13,10 @@ import cz.crcs.ectester.reader.CardMngr; import cz.crcs.ectester.reader.ECTesterReader; import cz.crcs.ectester.reader.command.Command; -import java.util.*; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Random; import static cz.crcs.ectester.common.test.Result.ExpectedValue; @@ -67,9 +70,12 @@ public class CardInvalidSuite extends CardTestSuite { Test ecdsa = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by invalid public points", ecdsaTests.toArray(new Test[0])); Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Test ECDH and ECDSA with points on invalid curves.", ecdh, ecdsa); - Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); - - doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, tests, cleanup)); + if (cfg.cleanup) { + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS); + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, tests, cleanup)); + } else { + doTest(CompoundTest.greedyAllTry(ExpectedValue.SUCCESS, "Invalid curve test of " + curve.getId(), prepare, tests)); + } } } } diff --git a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java index 487fc6a..e568f67 100644 --- a/src/cz/crcs/ectester/reader/test/CardMiscSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardMiscSuite.java @@ -48,9 +48,13 @@ public class CardMiscSuite extends CardTestSuite { Test ka = CommandTest.expect(new Command.ECDH(this.card, ECTesterApplet.KEYPAIR_LOCAL, ECTesterApplet.KEYPAIR_REMOTE, ECTesterApplet.EXPORT_FALSE, EC_Consts.TRANSFORMATION_NONE, EC_Consts.KeyAgreement_ALG_EC_SVDP_DH), expected); Test sig = CommandTest.expect(new Command.ECDSA(this.card, ECTesterApplet.KEYPAIR_LOCAL, EC_Consts.Signature_ALG_ECDSA_SHA, ECTesterApplet.EXPORT_FALSE, null), expected); Test perform = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Perform ECDH and ECDSA", ka, sig); - Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); - doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + " " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, perform, cleanup)); + if (cfg.cleanup) { + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); + doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + " " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, perform, cleanup)); + } else { + doTest(CompoundTest.greedyAll(Result.ExpectedValue.SUCCESS, "Tests over " + curve.getBits() + " " + catName + " curve: " + curve.getId() + ".", allocateFirst, set, generate, perform)); + } } } } diff --git a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java index 9a39a72..052e480 100644 --- a/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardTestVectorSuite.java @@ -4,7 +4,10 @@ import cz.crcs.ectester.applet.ECTesterApplet; import cz.crcs.ectester.applet.EC_Consts; import cz.crcs.ectester.common.ec.*; import cz.crcs.ectester.common.output.TestWriter; -import cz.crcs.ectester.common.test.*; +import cz.crcs.ectester.common.test.CompoundTest; +import cz.crcs.ectester.common.test.Result; +import cz.crcs.ectester.common.test.Test; +import cz.crcs.ectester.common.test.TestCallback; import cz.crcs.ectester.common.util.ByteUtil; import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.reader.CardMngr; @@ -69,7 +72,9 @@ public class CardTestVectorSuite extends CardTestSuite { return new Result(Value.SUCCESS); } })); - testVector.add(CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS)); + if (cfg.cleanup) { + testVector.add(CommandTest.expect(new Command.Cleanup(this.card), ExpectedValue.SUCCESS)); + } doTest(CompoundTest.greedyAll(ExpectedValue.SUCCESS, "Test vector " + result.getId(), testVector.toArray(new Test[0]))); } } diff --git a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java index e7ea436..1e1f5f3 100644 --- a/src/cz/crcs/ectester/reader/test/CardTwistSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardTwistSuite.java @@ -13,7 +13,10 @@ import cz.crcs.ectester.reader.CardMngr; import cz.crcs.ectester.reader.ECTesterReader; import cz.crcs.ectester.reader.command.Command; -import java.util.*; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Random; /** * @author Jan Jancar johny@neuromancer.sk @@ -61,9 +64,12 @@ public class CardTwistSuite extends CardTestSuite { Test ecdsa = CompoundTest.all(Result.ExpectedValue.SUCCESS, "Verify random ECDSA signature by public points on twist", ecdsaTests.toArray(new Test[0])); Test tests = CompoundTest.all(Result.ExpectedValue.SUCCESS, ecdh, ecdsa); - Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); - - doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests, cleanup)); + if (cfg.cleanup) { + Test cleanup = CommandTest.expect(new Command.Cleanup(this.card), Result.ExpectedValue.SUCCESS); + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests, cleanup)); + } else { + doTest(CompoundTest.greedyAllTry(Result.ExpectedValue.SUCCESS, "Twist test of " + curve.getId(), prepare, tests)); + } } } } diff --git a/src/cz/crcs/ectester/reader/test/CardWrongSuite.java b/src/cz/crcs/ectester/reader/test/CardWrongSuite.java index 34d151b..8bc7c90 100644 --- a/src/cz/crcs/ectester/reader/test/CardWrongSuite.java +++ b/src/cz/crcs/ectester/reader/test/CardWrongSuite.java @@ -121,9 +121,12 @@ public class CardWrongSuite extends CardTestSuite { EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_R, originalR, (short) 0); BigInteger originalBigR = new BigInteger(1, originalR); + Test zeroR = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, EC_Consts.PARAMETER_R, EC_Consts.TRANSFORMATION_ZERO), "Set R = 0.", "ECDH with R = 0."); + Test oneR = ecdhTest(new Command.Transform(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, EC_Consts.PARAMETER_R, EC_Consts.TRANSFORMATION_ONE), "Set R = 1.", "ECDH with R = 1."); + BigInteger prevPrimeR; do { - prevPrimeR = BigInteger.probablePrime(keyLength, r); + prevPrimeR = BigInteger.probablePrime(originalBigR.bitLength() - 1, r); } while (prevPrimeR.compareTo(originalBigR) >= 0); byte[] prevRBytes = ECUtil.toByteArray(prevPrimeR, keyLength); EC_Params prevRData = new EC_Params(EC_Consts.PARAMETER_R, new byte[][]{prevRBytes}); @@ -139,9 +142,19 @@ public class CardWrongSuite extends CardTestSuite { EC_Params nonprimeWrongRData = new EC_Params(EC_Consts.PARAMETER_R, new byte[][]{nonprimeRBytes}); Test nonprimeWrongR = ecdhTest(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, nonprimeWrongRData.getParams(), nonprimeWrongRData.flatten()), "Set R = some composite (but [r]G != infinity).", "ECDH with wrong R, composite."); - Test wrongR = CompoundTest.all(ExpectedValue.SUCCESS, "Tests with corrupted R parameter.", prevprimeWrongR, nextprimeWrongR, nonprimeWrongR); + Test wrongR = CompoundTest.all(ExpectedValue.SUCCESS, "Tests with corrupted R parameter.", zeroR, oneR, prevprimeWrongR, nextprimeWrongR, nonprimeWrongR); + + byte[] kRaw = new byte[]{(byte) 0xff}; + EC_Params kData = new EC_Params(EC_Consts.PARAMETER_K, new byte[][]{kRaw}); + Test bigK = ecdhTest(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, kData.getParams(), kData.flatten()), "", ""); + + byte[] kZero = new byte[]{(byte) 0}; + EC_Params kZeroData = new EC_Params(EC_Consts.PARAMETER_K, new byte[][]{kZero}); + Test zeroK = ecdhTest(new Command.Set(this.card, ECTesterApplet.KEYPAIR_BOTH, EC_Consts.CURVE_external, kZeroData.getParams(), kZeroData.flatten()), "", ""); + + Test wrongK = CompoundTest.all(ExpectedValue.SUCCESS, "Tests with corrupted K parameter.", bigK, zeroK); - doTest(CompoundTest.all(ExpectedValue.SUCCESS, "Tests of " + keyLength + "b " + CardUtil.getKeyTypeString(KeyPair.ALG_EC_FP), setup, wrongPrime, resetSetup, wrongG, resetSetup.clone(), wrongR, resetSetup.clone())); + doTest(CompoundTest.all(ExpectedValue.SUCCESS, "Tests of " + keyLength + "b " + CardUtil.getKeyTypeString(KeyPair.ALG_EC_FP), setup, wrongPrime, resetSetup, wrongG, resetSetup.clone(), wrongR, resetSetup.clone(), wrongK, resetSetup.clone())); } /* diff --git a/src/cz/crcs/ectester/standalone/output/TextTestWriter.java b/src/cz/crcs/ectester/standalone/output/TextTestWriter.java index 93be3a8..bf9ec7d 100644 --- a/src/cz/crcs/ectester/standalone/output/TextTestWriter.java +++ b/src/cz/crcs/ectester/standalone/output/TextTestWriter.java @@ -47,7 +47,7 @@ public class TextTestWriter extends BaseTextTestWriter { StandaloneTestSuite standaloneSuite = (StandaloneTestSuite) suite; StringBuilder sb = new StringBuilder(); sb.append("═══ ").append(Colors.underline("ECTester version:")).append(" ").append(ECTesterStandalone.VERSION).append(System.lineSeparator()); - sb.append("═══ ").append(Colors.underline("Library:")).append(standaloneSuite.getLibrary().name()).append(System.lineSeparator()); + sb.append("═══ ").append(Colors.underline("Library:")).append(" ").append(standaloneSuite.getLibrary().name()).append(System.lineSeparator()); return sb.toString(); } return ""; -- cgit v1.2.3-70-g09d2