From b4d72715e7d770b4925fef70a192665744a6273d Mon Sep 17 00:00:00 2001 From: J08nY Date: Sun, 30 Oct 2016 17:58:27 +0100 Subject: EC_Consts: added F2M curve support, + F2M curve sect163r1 to start --- src/simpleapdu/SimpleAPDU.java | 75 ++++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 35 deletions(-) (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 0ea9ca3..5baf9a6 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -1,50 +1,53 @@ package simpleapdu; +import applets.EC_Consts; import applets.SimpleECCApplet; -import static applets.SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE; -import static applets.SimpleECCApplet.ECTEST_SET_INVALIDCURVE; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; -import javax.smartcardio.ResponseAPDU; import org.bouncycastle.util.Arrays; +import javax.smartcardio.ResponseAPDU; + /** - * * @author Petr Svenda petr@svenda.com */ public class SimpleAPDU { static CardMngr cardManager = new CardMngr(); - private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a, - (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31}; + private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a, + (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31}; private static final byte TESTECSUPPORTALL_FP[] = {(byte) 0xB0, (byte) 0x5E, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORTALL_F2M[] = {(byte) 0xB0, (byte) 0x5F, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORT_GIVENALG[] = {(byte) 0xB0, (byte) 0x71, (byte) 0x00, (byte) 0x00, (byte) 0x03, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final short TESTECSUPPORT_ALG_OFFSET = 5; private static final short TESTECSUPPORT_KEYLENGTH_OFFSET = 6; - + private static final byte TESTECSUPPORTALL_LASTUSEDPARAMS[] = {(byte) 0xB0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x00}; - + private static final byte TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB[] = {(byte) 0xB0, (byte) 0x70, (byte) 0x00, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final short INVALIDCURVEB_NUMREPEATS_OFFSET = 5; private static final short INVALIDCURVEB_CORRUPTIONTYPE_OFFSET = 7; private static final short INVALIDCURVEB_REWINDONSUCCESS_OFFSET = 9; - + static short getShort(byte[] array, int offset) { - return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); + return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); } + static void setShort(byte[] array, int offset, short value) { array[offset + 1] = (byte) (value & 0xFF); array[offset] = (byte) ((value >> 8) & 0xFF); - } + } + static void testFPkeyGen_setNumRepeats(byte[] apduArray, short numRepeats) { setShort(apduArray, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats); } + static void testFPkeyGen_setCorruptionType(byte[] apduArray, short corruptionType) { setShort(apduArray, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType); } + static void testFPkeyGen_rewindOnSuccess(byte[] apduArray, boolean bRewind) { apduArray[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0; } @@ -57,16 +60,17 @@ public class SimpleAPDU { } return cardManager; } - + static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception { ReconnnectToCard(); ResponseAPDU resp = cardManager.sendAPDU(apdu); PrintECSupport(resp); } + static void testSupportECAll(CardMngr cardManager) throws Exception { byte[] testAPDU = Arrays.clone(TESTECSUPPORT_GIVENALG); - testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; + testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 128); testSupportECGivenAlg(testAPDU, cardManager); setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 160); @@ -81,7 +85,7 @@ public class SimpleAPDU { testSupportECGivenAlg(testAPDU, cardManager); setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 521); testSupportECGivenAlg(testAPDU, cardManager); - + testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_F2M; setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 113); testSupportECGivenAlg(testAPDU, cardManager); @@ -91,8 +95,9 @@ public class SimpleAPDU { testSupportECGivenAlg(testAPDU, cardManager); setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 193); testSupportECGivenAlg(testAPDU, cardManager); - + } + public static void main(String[] args) { try { // @@ -101,11 +106,11 @@ public class SimpleAPDU { if (cardManager.ConnectToCard()) { testSupportECAll(cardManager); - + // Test setting invalid parameter B of curve byte[] testAPDU = Arrays.clone(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB); //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); - testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_ONEBYTERANDOM); + testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM); testFPkeyGen_setNumRepeats(testAPDU, (short) 10); testFPkeyGen_rewindOnSuccess(testAPDU, true); @@ -124,7 +129,7 @@ public class SimpleAPDU { PrintECSupport(resp_fp); PrintECSupport(resp_f2m); */ - + cardManager.DisconnectFromCard(); } else { System.out.println("Failed to connect to card"); @@ -133,12 +138,11 @@ public class SimpleAPDU { System.out.println("Exception : " + ex); } } - + static String getPrintError(short code) { if (code == ISO7816.SW_NO_ERROR) { return "OK\t(0x9000)"; - } - else { + } else { String codeStr = "unknown"; if (code == CryptoException.ILLEGAL_VALUE) { codeStr = "ILLEGAL_VALUE"; @@ -165,22 +169,22 @@ public class SimpleAPDU { codeStr = "SW_INVALID_CORRUPTION_TYPE"; } return String.format("fail\t(%s,\t0x%4x)", codeStr, code); - } + } } - + enum ExpResult { SHOULD_SUCCEDD, MAY_FAIL, MUST_FAIL } + static int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { if (bufferOffset >= buffer.length) { System.out.println(" No more data returned"); - } - else { + } else { if (buffer[bufferOffset] != expectedTag) { System.out.println(" ERROR: mismatched tag"); - assert(buffer[bufferOffset] == expectedTag); + assert (buffer[bufferOffset] == expectedTag); } bufferOffset++; short resCode = getShort(buffer, bufferOffset); @@ -195,13 +199,13 @@ public class SimpleAPDU { } if (bHiglight) { System.out.println(String.format("!! %-50s%s", message, getPrintError(resCode))); - } - else { + } else { System.out.println(String.format(" %-50s%s", message, getPrintError(resCode))); } } return bufferOffset; } + static void PrintECSupport(ResponseAPDU resp) { byte[] buffer = resp.getData(); @@ -209,7 +213,7 @@ public class SimpleAPDU { System.out.println("### Test for support and with valid and invalid EC curves"); int bufferOffset = 0; while (bufferOffset < buffer.length) { - assert(buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); + assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); bufferOffset++; String ecType = "unknown"; if (buffer[bufferOffset] == KeyPair.ALG_EC_FP) { @@ -232,10 +236,11 @@ public class SimpleAPDU { bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); - + System.out.println(); } } + static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { byte[] buffer = resp.getData(); @@ -261,8 +266,8 @@ public class SimpleAPDU { short numRepeats = getShort(buffer, bufferOffset); bufferOffset += 2; System.out.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); - - + + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); while (bufferOffset < buffer.length) { bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); @@ -277,7 +282,7 @@ public class SimpleAPDU { System.out.println(); } } - + static void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) { byte[] buffer = resp.getData(); short offset = 0; @@ -286,6 +291,6 @@ public class SimpleAPDU { System.out.print(String.format("%x ", buffer[offset])); offset++; } - - } + + } } -- cgit v1.2.3-70-g09d2 From c2be46f5881a3a8e63c0815de28f0516ceeb7bcc Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 2 Nov 2016 21:05:56 +0100 Subject: Implemented External curve setting on applet side SimpleECCApplet: added TestEC_SupportExternal which receives an FP or F2M elliptic curve parameters in an APDU, sets it and tries ECDH, ECDSA. ECKeyGenerator: added setExternalCurve, which reads and sets external parameters from one buffer, with data order: field | a | b | g | r | k --- src/applets/ECKeyGenerator.java | 33 ++++++++ src/applets/SimpleECCApplet.java | 169 +++++++++++++++++++++++++++++++++++++-- src/simpleapdu/SimpleAPDU.java | 6 ++ 3 files changed, 200 insertions(+), 8 deletions(-) (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index 393c249..28b3ed3 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -70,6 +70,7 @@ public class ECKeyGenerator { } if (sw != ISO7816.SW_NO_ERROR) return sw; + //go through all params for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) { length = EC_Consts.getCurveParameter(curve, param, buffer, offset); sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length); @@ -159,6 +160,38 @@ public class ECKeyGenerator { return result; } + public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength){ + short sw = ISO7816.SW_NO_ERROR; + if (keyClass == KeyPair.ALG_EC_FP) { + sw = setExternalParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); + } else if (keyClass == KeyPair.ALG_EC_F2M) { + sw = setExternalParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); + } + if (sw != ISO7816.SW_NO_ERROR) return sw; + + offset += fieldLength; + + //go through all params + sw = setExternalParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += aLength; + sw = setExternalParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += bLength; + + sw = setExternalParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += gxLength + gyLength; + + + sw = setExternalParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); + if (sw != ISO7816.SW_NO_ERROR) return sw; + offset += rLength; + + sw = setExternalParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); + return sw; + } + public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) { if (key == KEY_BOTH) { return -1; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 683e61d..3b5b514 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -11,20 +11,21 @@ import javacard.security.*; public class SimpleECCApplet extends javacard.framework.Applet { // MAIN INSTRUCTION CLASS - final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; + final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; + final static byte INS_GENERATEKEY = (byte) 0x5a; + final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; + final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; + final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; + final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; + final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; + final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; + final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; final static short ARRAY_LENGTH = (short) 0xff; @@ -45,6 +46,9 @@ public class SimpleECCApplet extends javacard.framework.Applet { public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8; public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9; public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca; + public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; + public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; + public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; @@ -188,6 +192,9 @@ public class SimpleECCApplet extends javacard.framework.Applet { case INS_TESTEC_LASTUSEDPARAMS: TestECSupportInvalidCurve_lastUsedParams(apdu); break; + case INS_TESTECSUPPORT_EXTERNAL: + TestEC_SupportExternal(apdu); + break; /* case INS_ALLOCATEKEYPAIRS: AllocateKeyPairs(apdu); @@ -391,6 +398,152 @@ public class SimpleECCApplet extends javacard.framework.Applet { apdu.setOutgoingAndSend((short) 0, dataOffset); } + short TestECSupportExternalCurve(byte keyClass, short keyLength, byte[] buffer, short bufferOffset, short outputOffset) { + short startOffset = outputOffset; + + short fieldLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short aLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short bLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short gxLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short gyLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + short rLength = Util.getShort(buffer, bufferOffset); + bufferOffset += 2; + + buffer[outputOffset] = ECTEST_SEPARATOR; + outputOffset++; + + // allocatePair + buffer[outputOffset] = ECTEST_ALLOCATE_KEYPAIR; + outputOffset++; + short sw = ecKeyGenerator.allocatePair(keyClass, keyLength); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // setExternalParam -> forall in {field, a, b, g, r, k} + buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE; + outputOffset++; + sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // generatePair + buffer[outputOffset] = ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE; + outputOffset++; + sw = ecKeyGenerator.generatePair(); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + + // test_ECDH + buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT; + outputOffset++; + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // test_ECDH invalid + buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT; + outputOffset++; + sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + // test_ECDSA + buffer[outputOffset] = ECTEST_ECDSA_SIGNATURE; + outputOffset++; + randomData.generateData(m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2)); + sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2), m_ramArray2, (short) 0); + Util.setShort(buffer, outputOffset, sw); + outputOffset += 2; + if (sw != ISO7816.SW_NO_ERROR) { + return (short) (outputOffset - startOffset); + } + + return (short) (outputOffset - startOffset); + } + + /** + * Receives an FP or F2M elliptic curve parameters in the APDU. + * Then allocates a new keypair, sets said curve and tries ECDH, ECDSA. + * APDU format: + * byte CLA = CLA_SIMPLEECCAPPLET + * byte INS = INS_TESTECSUPPORT_EXTERNAL + * byte P0 + * byte P1 + *

+ * CDATA: + * byte keyClass -> KeyPair.ALG_EC_FP or KeyPair.ALG_EC_F2\M + * short keyLength + * short fieldLength + * short aLength + * short bLength + * short gxLength + * short gyLength + * short rLength + * field -> FP: prime / F2M: three or one short representing the reduction polynomial + * a + * b + * gx + * gy + * r + * short k + *

+ * Response APDU format: + * CDATA: + * byte ECTEST_SEPARATOR + * byte ECTEST_ALLOCATE_KEYPAIR + * short sw + * byte ECTEST_SET_EXTERNALCURVE + * short sw + * byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE + * short sw + * byte ECTEST_ECDH_AGREEMENT_VALID_POINT + * short sw + * byte ECTEST_ECDH_AGREEMENT_INVALID_POINT + * short sw + * byte ECTEST_ECDSA_SIGNATURE + * short sw + * + * @param apdu + */ + void TestEC_SupportExternal(APDU apdu) { + byte[] apdubuf = apdu.getBuffer(); + short len = apdu.setIncomingAndReceive(); + + short offset = ISO7816.OFFSET_CDATA; + byte keyClass = apdubuf[offset]; + ++offset; + short keyLength = Util.getShort(apdubuf, offset); + offset += 2; + + short dataLength = TestECSupportExternalCurve(keyClass, keyLength, apdubuf, offset, (short) 0); + + apdu.setOutgoingAndSend((short) 0, dataLength); + } + + void TestEC_FP_GenerateInvalidCurve(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); short len = apdu.setIncomingAndReceive(); diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 5baf9a6..7401509 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -168,6 +168,12 @@ public class SimpleAPDU { if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) { codeStr = "SW_INVALID_CORRUPTION_TYPE"; } + if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) { + codeStr = "SW_SIG_LENGTH_MISMATCH"; + } + if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) { + codeStr = "SW_SIG_VERIFY_FAIL"; + } return String.format("fail\t(%s,\t0x%4x)", codeStr, code); } } -- cgit v1.2.3-70-g09d2 From 7d946796d87638a5f54cc8562c9d3a95309cf3cc Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 7 Nov 2016 20:26:50 +0100 Subject: ECKeyGenerator: fixes to key genertion, ECKeyTester: fixed ECDH/ECDHC pubkey length issue. EC_Consts: fixed decompressG and getCurveParameter array copy mismatch SimpleECCApplet: fixed B parameter test All tests now pass as before. --- src/applets/ECKeyGenerator.java | 102 ++++++++++++++++++++++----------------- src/applets/ECKeyTester.java | 16 +++--- src/applets/EC_Consts.java | 31 ++++++++---- src/applets/SimpleECCApplet.java | 29 +++++------ src/simpleapdu/SimpleAPDU.java | 2 +- 5 files changed, 102 insertions(+), 78 deletions(-) (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index 28b3ed3..e9bdfa6 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -1,6 +1,7 @@ package applets; import javacard.framework.ISO7816; +import javacard.framework.ISOException; import javacard.framework.Util; import javacard.security.CryptoException; import javacard.security.ECPrivateKey; @@ -16,17 +17,18 @@ public class ECKeyGenerator { private ECPrivateKey ecPrivateKey = null; private ECPublicKey ecPublicKey = null; - public static final byte KEY_PUBLIC = 0x1; - public static final byte KEY_PRIVATE = 0x2; - public static final byte KEY_BOTH = KEY_PUBLIC & KEY_PRIVATE; + public static final byte KEY_PUBLIC = 0x01; + public static final byte KEY_PRIVATE = 0x02; + public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE; - public short allocatePair(byte algorithm, short keyLength) { + //TODO: add something like allocateGenerate, or modify allocate to auto-generate a key-pair if it returns null key references after allocating + public short allocatePair(byte keyClass, short keyLength) { short result = ISO7816.SW_NO_ERROR; try { - ecKeyPair = new KeyPair(algorithm, keyLength); - ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); + ecKeyPair = new KeyPair(keyClass, keyLength); ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); + ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); } catch (CryptoException ce) { result = ce.getReason(); } catch (Exception e) { @@ -36,15 +38,15 @@ public class ECKeyGenerator { } public boolean isAllocated() { - return ecKeyPair != null && ecPrivateKey != null && ecPublicKey != null; + return ecKeyPair != null; } public short generatePair() { short result = ISO7816.SW_NO_ERROR; try { ecKeyPair.genKeyPair(); - ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); + ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); } catch (CryptoException ce) { result = ce.getReason(); } catch (Exception e) { @@ -63,18 +65,20 @@ public class ECKeyGenerator { short length; if (alg == KeyPair.ALG_EC_FP) { length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_FP, buffer, offset); - sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length); + sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_FP, buffer, offset, length); } else if (alg == KeyPair.ALG_EC_F2M) { length = EC_Consts.getCurveParameter(curve, EC_Consts.PARAMETER_F2M, buffer, offset); - sw = setExternalParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length); + sw = setParameter(KEY_BOTH, EC_Consts.PARAMETER_F2M, buffer, offset, length); } if (sw != ISO7816.SW_NO_ERROR) return sw; //go through all params - for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) { + byte param = EC_Consts.PARAMETER_A; + while (param > 0) { length = EC_Consts.getCurveParameter(curve, param, buffer, offset); - sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length); + sw = setParameter(KEY_BOTH, param, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) break; + param = (byte) (param << 1); } return sw; } @@ -89,68 +93,76 @@ public class ECKeyGenerator { //go through param bit by bit, and invalidate all selected params byte paramMask = 0x01; - while (paramMask <= EC_Consts.PARAMETER_K) { - byte masked = (byte)(paramMask & param); - if (masked != 0){ + while (paramMask > 0) { + byte masked = (byte) (paramMask & param); + if (masked != 0) { short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType); - sw = setExternalParameter(key, masked, buffer, offset, length); + sw = setParameter(key, masked, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) return sw; } - paramMask = (byte)(paramMask << 1); + paramMask = (byte) (paramMask << 1); } return sw; } - public short setExternalParameter(byte key, byte param, byte[] data, short offset, short length) { + public short setParameter(byte key, byte param, byte[] data, short offset, short length) { short result = ISO7816.SW_NO_ERROR; try { switch (param) { - case EC_Consts.PARAMETER_FP: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length); + case EC_Consts.PARAMETER_FP: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldFP(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldFP(data, offset, length); break; - case EC_Consts.PARAMETER_F2M: + } + case EC_Consts.PARAMETER_F2M: { if (length == 2) { short i = Util.makeShort(data[offset], data[(short) (offset + 1)]); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i); if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i); } else if (length == 6) { short i1 = Util.makeShort(data[offset], data[(short) (offset + 1)]); short i2 = Util.makeShort(data[(short) (offset + 2)], data[(short) (offset + 3)]); short i3 = Util.makeShort(data[(short) (offset + 4)], data[(short) (offset + 5)]); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3); if ((key & KEY_PUBLIC) != 0) ecPublicKey.setFieldF2M(i1, i2, i3); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setFieldF2M(i1, i2, i3); } else { result = ISO7816.SW_UNKNOWN; } break; - case EC_Consts.PARAMETER_A: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length); + } + case EC_Consts.PARAMETER_A: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setA(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setA(data, offset, length); break; - case EC_Consts.PARAMETER_B: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length); + } + case EC_Consts.PARAMETER_B: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setB(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setB(data, offset, length); break; - case EC_Consts.PARAMETER_G: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length); + } + case EC_Consts.PARAMETER_G: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setG(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setG(data, offset, length); break; - case EC_Consts.PARAMETER_R: - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length); + } + case EC_Consts.PARAMETER_R: { if ((key & KEY_PUBLIC) != 0) ecPublicKey.setR(data, offset, length); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setR(data, offset, length); break; - case EC_Consts.PARAMETER_K: + } + case EC_Consts.PARAMETER_K: { if (length != 2) { result = ISO7816.SW_UNKNOWN; } else { - short k = Util.makeShort(data[offset], data[(short) (offset + 1)]); - if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k); + short k = Util.getShort(data, offset); if ((key & KEY_PUBLIC) != 0) ecPublicKey.setK(k); + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setK(k); } break; - default: - result = ISO7816.SW_UNKNOWN; + } + default: { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } } } catch (CryptoException ce) { result = ce.getReason(); @@ -160,35 +172,35 @@ public class ECKeyGenerator { return result; } - public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength){ + public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength) { short sw = ISO7816.SW_NO_ERROR; if (keyClass == KeyPair.ALG_EC_FP) { - sw = setExternalParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); + sw = setParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength); } else if (keyClass == KeyPair.ALG_EC_F2M) { - sw = setExternalParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); + sw = setParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength); } if (sw != ISO7816.SW_NO_ERROR) return sw; offset += fieldLength; //go through all params - sw = setExternalParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); + sw = setParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += aLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); + sw = setParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += bLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); + sw = setParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength)); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += gxLength + gyLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); + sw = setParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength); if (sw != ISO7816.SW_NO_ERROR) return sw; offset += rLength; - sw = setExternalParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); + sw = setParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2); return sw; } @@ -226,7 +238,7 @@ public class ECKeyGenerator { length = 2; break; default: - length = -1; + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } } catch (CryptoException ce) { length = -1; diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java index 1031b06..d6ff6c1 100644 --- a/src/applets/ECKeyTester.java +++ b/src/applets/ECKeyTester.java @@ -91,13 +91,13 @@ public class ECKeyTester { * exception reason otherwise **/ public short testECDH_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_validPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } public short testECDH_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_invalidPoint(ecdhKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } @@ -115,13 +115,13 @@ public class ECKeyTester { * exception reason otherwise */ public short testECDHC_validPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_validPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } public short testECDHC_invalidPoint(ECPrivateKey privateKey, ECPublicKey publicKey, byte[] pubkeyBuffer, short pubkeyOffset, byte[] outputBuffer, short outputOffset) { - publicKey.getW(pubkeyBuffer, pubkeyOffset); - return testDH_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, (short) pubkeyBuffer.length, outputBuffer, outputOffset); + short length = publicKey.getW(pubkeyBuffer, pubkeyOffset); + return testDH_invalidPoint(ecdhcKeyAgreement, privateKey, pubkeyBuffer, pubkeyOffset, length, outputBuffer, outputOffset); } /** diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index e39570a..d5f23d1 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -70,7 +70,7 @@ public class EC_Consts { // cofactor of G public static final short EC128_FP_K = 1; - // secp160r1 + // secp160r1 public static final byte[] EC160_FP_P = new byte[]{ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, @@ -1108,32 +1108,32 @@ public class EC_Consts { switch (param) { case PARAMETER_FP: if (alg == KeyPair.ALG_EC_FP) { - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_FP_P, (short) 0, (short) EC_FP_P.length); + length = Util.arrayCopyNonAtomic(EC_FP_P, (short) 0, outputBuffer, outputOffset, (short) EC_FP_P.length); } break; case PARAMETER_F2M: if (alg == KeyPair.ALG_EC_F2M) { - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_F2M_F2M, (short) 0, (short) EC_F2M_F2M.length); + length = Util.arrayCopyNonAtomic(EC_F2M_F2M, (short) 0, outputBuffer, outputOffset, (short) EC_F2M_F2M.length); } break; case PARAMETER_A: - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_A, (short) 0, (short) EC_A.length); + length = Util.arrayCopyNonAtomic(EC_A, (short) 0, outputBuffer, outputOffset, (short) EC_A.length); break; case PARAMETER_B: - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_B, (short) 0, (short) EC_B.length); + length = Util.arrayCopyNonAtomic(EC_B, (short) 0, outputBuffer, outputOffset, (short) EC_B.length); break; case PARAMETER_G: length = decompressG(outputBuffer, outputOffset, EC_G_X, (short) 0, (short) EC_G_X.length, EC_G_Y, (short) 0, (short) EC_G_Y.length); break; case PARAMETER_R: - length = Util.arrayCopyNonAtomic(outputBuffer, outputOffset, EC_R, (short) 0, (short) EC_R.length); + length = Util.arrayCopyNonAtomic(EC_R, (short) 0, outputBuffer, outputOffset, (short) EC_R.length); break; case PARAMETER_K: length = 2; Util.setShort(outputBuffer, outputOffset, EC_K); break; default: - length = -1; + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } return length; } @@ -1169,9 +1169,9 @@ public class EC_Consts { rngPos %= length; // make < param length byte original = outputBuffer[rngPos]; - while (original != outputBuffer[rngPos]) { + do { m_random.generateData(outputBuffer, rngPos, (short) 1); - } + } while (original == outputBuffer[rngPos]); break; case CORRUPTION_ZERO: Util.arrayFillNonAtomic(outputBuffer, outputOffset, length, (byte) 0); @@ -1181,6 +1181,16 @@ public class EC_Consts { break; default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow + case CORRUPT_B_LASTBYTEINCREMENT: + m_ramArray2[(short) (m_lenB - 1)] += 1; + // Make sure its not the valid byte again + if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) { + m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more + } + break; + } + */ } return length; } @@ -1193,10 +1203,11 @@ public class EC_Consts { short size = 1; size += gxLength; size += gyLength; + short offset = outputOffset; + outputBuffer[offset] = 0x04; offset += 1; - outputBuffer[offset] = 0x04; offset = Util.arrayCopyNonAtomic(gx, gxOffset, outputBuffer, offset, gxLength); Util.arrayCopyNonAtomic(gy, gyOffset, outputBuffer, offset, gyLength); return size; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 3b5b514..404bf00 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -8,7 +8,7 @@ import javacard.framework.*; import javacard.security.*; -public class SimpleECCApplet extends javacard.framework.Applet { +public class SimpleECCApplet extends Applet { // MAIN INSTRUCTION CLASS final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; @@ -297,7 +297,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); if (sw == ISO7816.SW_NO_ERROR) { - sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); } } Util.setShort(buffer, bufferOffset, sw); @@ -427,7 +427,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { return (short) (outputOffset - startOffset); } - // setExternalParam -> forall in {field, a, b, g, r, k} + // setExternalCurve buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE; outputOffset++; sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength); @@ -598,10 +598,18 @@ public class SimpleECCApplet extends javacard.framework.Applet { } else { testFlags = 0; } + + if (ecPubKey == null || ecPrivKey == null) { + ecKeyGenerator.generatePair(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + ecPubKey = ecKeyGenerator.getPublicKey(); + } } Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; + + // // 2. Set invalid custom curve (many times) // @@ -620,6 +628,8 @@ public class SimpleECCApplet extends javacard.framework.Applet { bufferOffset = startOffset; } + ecPubKey.getB(m_ramArray2, (short) 0); //store valid B + // set invalid curve buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; @@ -631,23 +641,13 @@ public class SimpleECCApplet extends javacard.framework.Applet { // CORRUPTION_ONEBYTERANDOM = 0x04, one random byte randomly changed // CORRUPTION_ZERO = 0x05, parameter competely zero // CORRUPTION_ONE = 0x06, parameter completely one - sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyClass, ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0); + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_B, corruptionType, m_ramArray, (short) 0); Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; if (sw != ISO7816.SW_NO_ERROR) { // if we reach this line, we are interested in value of B that caused incorrect response break; // stop execution, return B } - /* //TODO implement CORRUPT_B_LASTBYTEINCREMENT somehow - case CORRUPT_B_LASTBYTEINCREMENT: - m_ramArray2[(short) (m_lenB - 1)] += 1; - // Make sure its not the valid byte again - if (m_ramArray[(short) (m_lenB - 1)] == m_ramArray2[(short) (m_lenB - 1)]) { - m_ramArray2[(short) (m_lenB - 1)] += 1; // if yes, increment once more - } - break; - } - */ // Gen key pair with invalid curve @@ -668,6 +668,7 @@ public class SimpleECCApplet extends javacard.framework.Applet { sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0); m_lenB = ecPubKey.getB(m_ramArray2, (short) 0); //store B + //TODO: note, according to the previous version of this method, sw should get appended to the buffer only if sw != SW_NO_ERROR Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; break; //stop execution, return B diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 7401509..ead8fb7 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -106,7 +106,7 @@ public class SimpleAPDU { if (cardManager.ConnectToCard()) { testSupportECAll(cardManager); - + // // Test setting invalid parameter B of curve byte[] testAPDU = Arrays.clone(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB); //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); -- cgit v1.2.3-70-g09d2 From 7ef646a52fe3e470a0d283d0fb0db5265f444794 Mon Sep 17 00:00:00 2001 From: J08nY Date: Sat, 26 Nov 2016 18:02:26 +0100 Subject: SimpleAPDU: Added cli parsing Just a simple command line parsing for two options, should be changed to use some CLI parser lib in the future. -g [num] - generates [num] keys, if [num] is ommitted runs forever -a - runs the test suite for all standard key sizes and field types By default -a is run. --- src/simpleapdu/SimpleAPDU.java | 207 ++++++++++++++++++++++++----------------- 1 file changed, 123 insertions(+), 84 deletions(-) (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 56d5a4c..8775217 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -5,12 +5,12 @@ import applets.SimpleECCApplet; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; + +import javax.smartcardio.ResponseAPDU; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.util.Arrays; -import javax.smartcardio.ResponseAPDU; - /** @@ -39,6 +39,7 @@ public class SimpleAPDU { private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x02, (byte) 0x00, (byte) 0x00}; + static short getShort(byte[] array, int offset) { return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); } @@ -106,85 +107,65 @@ public class SimpleAPDU { } + public static void main(String[] args) throws FileNotFoundException, IOException { - String logFileName = String.format("ECTESTER_log_%d.log", System.currentTimeMillis()); - FileOutputStream systemOutLogger = new FileOutputStream(logFileName); - m_SystemOutLogger = new DirtyLogger(systemOutLogger, true); - try { - // Gather large number of ECC keypairs - if (cardManager.ConnectToCardSelect()) { - cardManager.sendAPDU(SELECT_ECTESTERAPPLET); - - String keyFileName = String.format("ECKEYS_%d.log", System.currentTimeMillis()); - FileOutputStream keysFile = new FileOutputStream(keyFileName); - - String message = "index;pubW;privS\n"; - keysFile.write(message.getBytes()); - byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); - // Prepare keypair object - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; - setShort(gatherKeyAPDU, (short) 5, (short) 192); // ecc length - ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); - - // Generate new keypair - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; - int counter = 0; - while (true) { - counter++; - long elapsed = -System.nanoTime(); - respGather = cardManager.sendAPDU(gatherKeyAPDU); - elapsed += System.nanoTime(); - - byte[] data = respGather.getData(); - int offset = 0; - String pubKeyW = ""; - String privKeyS = ""; - if (data[offset] == EC_Consts.TAG_ECPUBKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - pubKeyW = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - privKeyS = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - - message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); - keysFile.write(message.getBytes()); + boolean genKeys = false; + int genAmount = 0; + boolean testAll = false; + if (args.length > 0) { + for (int i = 0; i < args.length; i++) { + if (args[i].equals("-g")) { + genKeys = true; + if (args.length >= i + 1) { + try { + genAmount = Integer.parseInt(args[i + 1]); + }catch (NumberFormatException ignored) { + //is another param, genAmount = 0 by default + genAmount = 0; + } - m_SystemOutLogger.flush(); - keysFile.flush(); + } + } else if (args[i].equals("-a")) { + testAll = true; } } + } - if (cardManager.ConnectToCard()) { - byte[] testAPDU2 = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - testAPDU2[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU2, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU2, cardManager); - - testSupportECAll(cardManager); - // - // Test setting invalid parameter B of curve - byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); - testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM); - testFPkeyGen_setNumRepeats(testAPDU, (short) 10); - testFPkeyGen_rewindOnSuccess(testAPDU, true); - ReconnnectToCard(); - ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); - ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); - PrintECKeyGenInvalidCurveB(resp_fp_keygen); - PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); - - /* + //by default do the test + if (!genKeys && !testAll) { + testAll = true; + } + + + String logFileName = String.format("ECTESTER_log_%d.log", System.currentTimeMillis()); + FileOutputStream systemOutLogger = new FileOutputStream(logFileName); + m_SystemOutLogger = new DirtyLogger(systemOutLogger, true); + + try { + if (testAll) { + if (cardManager.ConnectToCard()) { + byte[] testAPDU2 = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); + testAPDU2[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; + setShort(testAPDU2, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); + testSupportECGivenAlg(testAPDU2, cardManager); + + testSupportECAll(cardManager); + // + // Test setting invalid parameter B of curve + byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); + //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); + testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); + //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM); + testFPkeyGen_setNumRepeats(testAPDU, (short) 10); + testFPkeyGen_rewindOnSuccess(testAPDU, true); + ReconnnectToCard(); + ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); + ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); + PrintECKeyGenInvalidCurveB(resp_fp_keygen); + PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); + + /* // Test support for different types of curves ReconnnectToCard(); ResponseAPDU resp_fp = cardManager.sendAPDU(TESTECSUPPORTALL_FP); @@ -194,14 +175,74 @@ public class SimpleAPDU { PrintECSupport(resp_f2m); */ - cardManager.DisconnectFromCard(); - } else { - m_SystemOutLogger.println("Failed to connect to card"); + cardManager.DisconnectFromCard(); + } else { + m_SystemOutLogger.println("Failed to connect to card"); + } + } + + if (genKeys) { + // Gather large number of ECC keypairs + if (cardManager.ConnectToCardSelect()) { + cardManager.sendAPDU(SELECT_ECTESTERAPPLET); + + String keyFileName = String.format("ECKEYS_%d.log", System.currentTimeMillis()); + FileOutputStream keysFile = new FileOutputStream(keyFileName); + + String message = "index;time;pubW;privS\n"; + keysFile.write(message.getBytes()); + byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); + // Prepare keypair object + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; + setShort(gatherKeyAPDU, (short) 5, (short) 192); // ecc length + ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); + + // Generate new keypair + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; + int counter = 0; + while (true) { + counter++; + long elapsed = -System.nanoTime(); + respGather = cardManager.sendAPDU(gatherKeyAPDU); + elapsed += System.nanoTime(); + + byte[] data = respGather.getData(); + int offset = 0; + String pubKeyW = ""; + String privKeyS = ""; + if (data[offset] == EC_Consts.TAG_ECPUBKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + pubKeyW = CardMngr.bytesToHex(data, offset, len, false); + offset += len; + } + if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + privKeyS = CardMngr.bytesToHex(data, offset, len, false); + offset += len; + } + + message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); + keysFile.write(message.getBytes()); + + m_SystemOutLogger.flush(); + keysFile.flush(); + + //stop when we have enough keys, go on forever with 0 + if (counter >= genAmount && genAmount != 0) + break; + } + } } + + } catch (Exception ex) { m_SystemOutLogger.println("Exception : " + ex); } - + systemOutLogger.close(); } @@ -253,11 +294,10 @@ public class SimpleAPDU { static int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { if (bufferOffset >= buffer.length) { m_SystemOutLogger.println(" No more data returned"); - } - else { + } else { if (buffer[bufferOffset] != expectedTag) { m_SystemOutLogger.println(" ERROR: mismatched tag"); - assert(buffer[bufferOffset] == expectedTag); + assert (buffer[bufferOffset] == expectedTag); } bufferOffset++; short resCode = getShort(buffer, bufferOffset); @@ -272,8 +312,7 @@ public class SimpleAPDU { } if (bHiglight) { m_SystemOutLogger.println(String.format("!! %-50s%s", message, getPrintError(resCode))); - } - else { + } else { m_SystemOutLogger.println(String.format(" %-50s%s", message, getPrintError(resCode))); } } -- cgit v1.2.3-70-g09d2 From 1a0d0b14ff7720b98ffdda4651bf1b58d34203bd Mon Sep 17 00:00:00 2001 From: J08nY Date: Sat, 26 Nov 2016 19:24:37 +0100 Subject: Added tests for non-prime p, ECDSA into the main test suite. Also fixed ECDSA test. --- !uploader/simpleECC.cap | Bin 9854 -> 14367 bytes dist/SimpleAPDU.jar | Bin 52783 -> 3071803 bytes src/applets/ECKeyTester.java | 14 ++++----- src/applets/SimpleECCApplet.java | 61 +++++++++++++++++++++++++++++++++++---- src/simpleapdu/SimpleAPDU.java | 52 ++++++++++++--------------------- 5 files changed, 79 insertions(+), 48 deletions(-) (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index 9d36664..7d019f4 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 3a13dc6..88b4ab9 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/src/applets/ECKeyTester.java b/src/applets/ECKeyTester.java index d6ff6c1..acfb64e 100644 --- a/src/applets/ECKeyTester.java +++ b/src/applets/ECKeyTester.java @@ -143,16 +143,12 @@ public class ECKeyTester { short result = ISO7816.SW_NO_ERROR; try { ecdsaSignature.init(signKey, Signature.MODE_SIGN); - short sigLength = ecdsaSignature.sign(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset); - if (sigLength != 20) { // per javacard.security.Signature an ALG_ECDSA_SHA should be 20 bytes. - result = SimpleECCApplet.SW_SIG_LENGTH_MISMATCH; - } else { - ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); - boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); - if (!correct) { - result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; - } + + ecdsaSignature.init(verifyKey, Signature.MODE_VERIFY); + boolean correct = ecdsaSignature.verify(inputBuffer, inputOffset, inputLength, sigBuffer, sigOffset, sigLength); + if (!correct) { + result = SimpleECCApplet.SW_SIG_VERIFY_FAIL; } } catch (CryptoException ce) { result = ce.getReason(); diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 8ec9e67..9901aee 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -53,6 +53,8 @@ public class SimpleECCApplet extends Applet { public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; + public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce; + public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf; public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; @@ -62,15 +64,17 @@ public class SimpleECCApplet extends Applet { public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE = (short) 0x0020; public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; + public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100; + public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400; - public final static short FLAG_ECTEST_ALL = (short) 0x00ff; + public final static short FLAG_ECTEST_ALL = (short) 0xffff; public final static short SW_SKIPPED = (short) 0x0ee1; public final static short SW_KEYPAIR_GENERATED_INVALID = (short) 0x0ee2; public final static short SW_INVALID_CORRUPTION_TYPE = (short) 0x0ee3; - public final static short SW_SIG_LENGTH_MISMATCH = (short) 0xee4; - public final static short SW_SIG_VERIFY_FAIL = (short) 0xee5; + public final static short SW_SIG_VERIFY_FAIL = (short) 0xee4; /* public static final byte[] EC192_FP_PUBLICW = new byte[]{ (byte) 0x04, (byte) 0xC9, (byte) 0xC0, (byte) 0xED, (byte) 0xFB, (byte) 0x27, @@ -325,7 +329,25 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 7. Set invalid custom curve + // 7. ECDSA test + // + buffer[bufferOffset] = ECTEST_ECDSA_SIGNATURE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_ECDSA_SIGNATURE) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + if (sw == ISO7816.SW_NO_ERROR) { + sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); + } + + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 8. Set invalid custom curve // buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; @@ -341,7 +363,7 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 8. Generate keypair with invalid custom curve + // 9. Generate keypair with invalid custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; bufferOffset++; @@ -352,6 +374,35 @@ public class SimpleECCApplet extends Applet { Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; + // + // 10. Set invalid field + // + buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_SET_INVALIDFIELD) != (short) 0) { + if (keyClass == KeyPair.ALG_EC_FP) + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_FP, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + else + sw = ecKeyGenerator.setCustomInvalidCurve(keyClass, keyLen, ECKeyGenerator.KEY_BOTH, EC_Consts.PARAMETER_F2M, EC_Consts.CORRUPTION_FULLRANDOM, m_ramArray, (short) 0); + + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // 11. Generate key with invalid field + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + return (short) (bufferOffset - baseOffset); } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 8775217..77478a0 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -107,9 +107,8 @@ public class SimpleAPDU { } - public static void main(String[] args) throws FileNotFoundException, IOException { - + //parse cli args. Should be replaced with some cli parsing library code in the future. boolean genKeys = false; int genAmount = 0; boolean testAll = false; @@ -120,7 +119,7 @@ public class SimpleAPDU { if (args.length >= i + 1) { try { genAmount = Integer.parseInt(args[i + 1]); - }catch (NumberFormatException ignored) { + }catch (NumberFormatException ignored) { //is another param, genAmount = 0 by default genAmount = 0; } @@ -145,36 +144,21 @@ public class SimpleAPDU { try { if (testAll) { if (cardManager.ConnectToCard()) { - byte[] testAPDU2 = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - testAPDU2[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU2, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU2, cardManager); - + // Test all default curves for both fields testSupportECAll(cardManager); - // + // Test setting invalid parameter B of curve byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_LASTBYTEINCREMENT); testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); - //testFPkeyGen_setCorruptionType(testAPDU, SimpleECCApplet.CORRUPT_B_FULLRANDOM); testFPkeyGen_setNumRepeats(testAPDU, (short) 10); testFPkeyGen_rewindOnSuccess(testAPDU, true); + ReconnnectToCard(); ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); PrintECKeyGenInvalidCurveB(resp_fp_keygen); PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); - /* - // Test support for different types of curves - ReconnnectToCard(); - ResponseAPDU resp_fp = cardManager.sendAPDU(TESTECSUPPORTALL_FP); - ReconnnectToCard(); - ResponseAPDU resp_f2m = cardManager.sendAPDU(TESTECSUPPORTALL_F2M); - PrintECSupport(resp_fp); - PrintECSupport(resp_f2m); - */ - cardManager.DisconnectFromCard(); } else { m_SystemOutLogger.println("Failed to connect to card"); @@ -275,9 +259,6 @@ public class SimpleAPDU { if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) { codeStr = "SW_INVALID_CORRUPTION_TYPE"; } - if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) { - codeStr = "SW_SIG_LENGTH_MISMATCH"; - } if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) { codeStr = "SW_SIG_VERIFY_FAIL"; } @@ -286,7 +267,7 @@ public class SimpleAPDU { } enum ExpResult { - SHOULD_SUCCEDD, + SHOULD_SUCCEED, MAY_FAIL, MUST_FAIL } @@ -307,7 +288,7 @@ public class SimpleAPDU { if ((expRes == ExpResult.MUST_FAIL) && (resCode == ISO7816.SW_NO_ERROR)) { bHiglight = true; } - if ((expRes == ExpResult.SHOULD_SUCCEDD) && (resCode != ISO7816.SW_NO_ERROR)) { + if ((expRes == ExpResult.SHOULD_SUCCEED) && (resCode != ISO7816.SW_NO_ERROR)) { bHiglight = true; } if (bHiglight) { @@ -341,14 +322,17 @@ public class SimpleAPDU { m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with def curve (fails if no def):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_DEFCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); + bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); + bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL); m_SystemOutLogger.println(); } @@ -380,15 +364,15 @@ public class SimpleAPDU { bufferOffset += 2; m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); - bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); while (bufferOffset < buffer.length) { - bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set invalid custom curve:", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); if (buffer[bufferOffset] == SimpleECCApplet.ECTEST_DH_GENERATESECRET) { bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_DH_GENERATESECRET, buffer, bufferOffset, ExpResult.MUST_FAIL); } - bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); - bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEDD); + bufferOffset = VerifyPrintResult("Set valid custom curve:", SimpleECCApplet.ECTEST_SET_VALIDCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); } m_SystemOutLogger.println(); -- cgit v1.2.3-70-g09d2 From f4b67923063ca35ae1405d701b461bfda0c10515 Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 28 Nov 2016 22:34:50 +0100 Subject: Added test for small public key degree in ECDH --- !uploader/simpleECC.cap | Bin 14367 -> 18068 bytes dist/SimpleAPDU.jar | Bin 3071803 -> 3078811 bytes src/applets/ECKeyGenerator.java | 31 +++++++++++++------ src/applets/EC_Consts.java | 50 ++++++++++++++++++++++++------ src/applets/SimpleECCApplet.java | 64 ++++++++++++++++++++++++++++++++++----- src/simpleapdu/SimpleAPDU.java | 19 ++++++++++-- 6 files changed, 134 insertions(+), 30 deletions(-) (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index 7d019f4..d9c360b 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 88b4ab9..9bb85ff 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index e9bdfa6..c4b71c0 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -73,39 +73,39 @@ public class ECKeyGenerator { if (sw != ISO7816.SW_NO_ERROR) return sw; //go through all params - byte param = EC_Consts.PARAMETER_A; - while (param > 0) { + short param = EC_Consts.PARAMETER_A; + while (param <= EC_Consts.PARAMETER_K) { length = EC_Consts.getCurveParameter(curve, param, buffer, offset); sw = setParameter(KEY_BOTH, param, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) break; - param = (byte) (param << 1); + param = (short) (param << 1); } return sw; } - public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, byte param, short corruptionType, byte[] buffer, short offset) { + public short setCustomInvalidCurve(short keyClass, short keyLength, byte key, short param, short corruptionType, byte[] buffer, short offset) { return setCustomInvalidCurve(EC_Consts.getCurve(keyClass, keyLength), key, param, corruptionType, buffer, offset); } - public short setCustomInvalidCurve(byte curve, byte key, byte param, short corruptionType, byte[] buffer, short offset) { + public short setCustomInvalidCurve(byte curve, byte key, short param, short corruptionType, byte[] buffer, short offset) { short sw = setCustomCurve(curve, buffer, offset); if (sw != ISO7816.SW_NO_ERROR) return sw; //go through param bit by bit, and invalidate all selected params - byte paramMask = 0x01; - while (paramMask > 0) { - byte masked = (byte) (paramMask & param); + short paramMask = 0x01; + while (paramMask <= EC_Consts.PARAMETER_K) { + short masked = (short) (paramMask & param); if (masked != 0) { short length = EC_Consts.getCorruptCurveParameter(curve, masked, buffer, offset, corruptionType); sw = setParameter(key, masked, buffer, offset, length); if (sw != ISO7816.SW_NO_ERROR) return sw; } - paramMask = (byte) (paramMask << 1); + paramMask = (short) (paramMask << 1); } return sw; } - public short setParameter(byte key, byte param, byte[] data, short offset, short length) { + public short setParameter(byte key, short param, byte[] data, short offset, short length) { short result = ISO7816.SW_NO_ERROR; try { switch (param) { @@ -160,6 +160,12 @@ public class ECKeyGenerator { } break; } + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) ecPrivateKey.setS(data, offset, length); + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) ecPublicKey.setW(data, offset, length); + break; default: { ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } @@ -237,6 +243,11 @@ public class ECKeyGenerator { if ((key & KEY_PRIVATE) != 0) Util.setShort(outputBuffer, outputOffset, ecPrivateKey.getK()); length = 2; break; + case EC_Consts.PARAMETER_S: + if ((key & KEY_PRIVATE) != 0) length = ecPrivateKey.getS(outputBuffer, outputOffset); + break; + case EC_Consts.PARAMETER_W: + if ((key & KEY_PUBLIC) != 0) length = ecPublicKey.getW(outputBuffer, outputOffset); default: ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } diff --git a/src/applets/EC_Consts.java b/src/applets/EC_Consts.java index 24d854c..bcf2b14 100644 --- a/src/applets/EC_Consts.java +++ b/src/applets/EC_Consts.java @@ -21,14 +21,16 @@ public class EC_Consts { private static byte[] EC_F2M_F2M = null; //[short i1, short i2, short i3], f = x^m + x^i1 + x^i2 + x^i3 + 1 - public static final byte PARAMETER_FP = 0x01; - public static final byte PARAMETER_F2M = 0x02; + public static final short PARAMETER_FP = 0x0001; + public static final short PARAMETER_F2M = 0x0002; - public static final byte PARAMETER_A = 0x04; - public static final byte PARAMETER_B = 0x08; - public static final byte PARAMETER_G = 0x10; - public static final byte PARAMETER_R = 0x20; - public static final byte PARAMETER_K = 0x40; + public static final short PARAMETER_A = 0x0004; + public static final short PARAMETER_B = 0x0008; + public static final short PARAMETER_G = 0x0010; + public static final short PARAMETER_R = 0x0020; + public static final short PARAMETER_K = 0x0040; + public static final short PARAMETER_S = 0x0080; + public static final short PARAMETER_W = 0x0100; public static RandomData m_random = null; @@ -1658,10 +1660,38 @@ public class EC_Consts { } else { ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } - return 0; //will not be reached + return 0; } - public static short getCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset) { + public static byte getAnomalousCurve(short keyClass, short keyLength) { + if (keyClass == KeyPair.ALG_EC_FP) { + switch (keyLength) { + case (short) 128: + return CURVE_sp128; + case (short) 160: + return CURVE_sp160; + case (short) 192: + return CURVE_sp192; + case (short) 224: + return CURVE_sp224; + case (short) 256: + return CURVE_sp256; + case (short) 384: + return CURVE_sp384; + case (short) 521: + return CURVE_sp521; + default: + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + } else if (keyClass == KeyPair.ALG_EC_F2M) { + return 0; + } else { + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } + return 0; + } + + public static short getCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset) { byte alg = getCurveType(curve); switch (curve) { case CURVE_secp128r1: { @@ -1905,7 +1935,7 @@ public class EC_Consts { return length; } - public static short getCorruptCurveParameter(byte curve, byte param, byte[] outputBuffer, short outputOffset, short corruptionType) { + public static short getCorruptCurveParameter(byte curve, short param, byte[] outputBuffer, short outputOffset, short corruptionType) { short length = getCurveParameter(curve, param, outputBuffer, outputOffset); if (length <= 0) { return length; diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index 9901aee..8cc4237 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -53,8 +53,11 @@ public class SimpleECCApplet extends Applet { public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb; public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc; public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd; - public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xce; - public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xcf; + public final static byte ECTEST_SET_ANOMALOUSCURVE = (byte) 0xce; + public final static byte ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE = (byte) 0xcf; + public final static byte ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (byte) 0xd0; + public final static byte ECTEST_SET_INVALIDFIELD = (byte) 0xd1; + public final static byte ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (byte) 0xd2; public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001; public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002; @@ -65,8 +68,11 @@ public class SimpleECCApplet extends Applet { public final static short FLAG_ECTEST_ECDH_AGREEMENT_VALID_POINT = (short) 0x0040; public final static short FLAG_ECTEST_ECDH_AGREEMENT_INVALID_POINT = (short) 0x0080; public final static short FLAG_ECTEST_ECDSA_SIGNATURE = (short) 0x0100; - public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x0200; - public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x0400; + public final static short FLAG_ECTEST_SET_ANOMALOUSCURVE = (short) 0x0200; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE = (short) 0x0400; + public final static short FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT = (short) 0x0800; + public final static short FLAG_ECTEST_SET_INVALIDFIELD = (short) 0x1000; + public final static short FLAG_ECTEST_GENERATE_KEYPAIR_INVALIDFIELD = (short) 0x2000; public final static short FLAG_ECTEST_ALL = (short) 0xffff; @@ -341,13 +347,55 @@ public class SimpleECCApplet extends Applet { if (sw == ISO7816.SW_NO_ERROR) { sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray2, (short) 0, (short) m_ramArray2.length, m_ramArray, (short) 0); } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 8. Set anomalous custom curve + // + buffer[bufferOffset] = ECTEST_SET_ANOMALOUSCURVE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) { + sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0); + if (sw != ISO7816.SW_NO_ERROR) { + testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; + } + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + + // + // 9. Generate keypair with anomalous custom curve + // + + buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE) != (short) 0) { + sw = ecKeyGenerator.generatePair(); + } + Util.setShort(buffer, bufferOffset, sw); + bufferOffset += 2; + // + // 10. Test small degree pubkey + // + + buffer[bufferOffset] = ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT; + bufferOffset++; + sw = SW_SKIPPED; + if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { + ecPubKey = ecKeyGenerator.getPublicKey(); + ecPrivKey = ecKeyGenerator.getPrivateKey(); + sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 1); } Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; // - // 8. Set invalid custom curve + // 11. Set invalid custom curve // buffer[bufferOffset] = ECTEST_SET_INVALIDCURVE; bufferOffset++; @@ -363,7 +411,7 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 9. Generate keypair with invalid custom curve + // 12. Generate keypair with invalid custom curve // buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE; bufferOffset++; @@ -375,7 +423,7 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; // - // 10. Set invalid field + // 13. Set invalid field // buffer[bufferOffset] = ECTEST_SET_INVALIDFIELD; bufferOffset++; @@ -393,7 +441,7 @@ public class SimpleECCApplet extends Applet { Util.setShort(buffer, bufferOffset, sw); bufferOffset += 2; - // 11. Generate key with invalid field + // 14. Generate key with invalid field buffer[bufferOffset] = ECTEST_GENERATE_KEYPAIR_INVALIDFIELD; bufferOffset++; sw = SW_SKIPPED; diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 77478a0..44bf302 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -5,6 +5,7 @@ import applets.SimpleECCApplet; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; +import sun.java2d.pipe.SpanShapeRenderer; import javax.smartcardio.ResponseAPDU; import java.io.FileNotFoundException; @@ -73,6 +74,7 @@ public class SimpleAPDU { static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception { ReconnnectToCard(); ResponseAPDU resp = cardManager.sendAPDU(apdu); + //byte[] resp = cardManager.sendAPDUSimulator(apdu); PrintECSupport(resp); } @@ -143,7 +145,11 @@ public class SimpleAPDU { try { if (testAll) { + //byte[] installData = new byte[10]; + //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; + //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class); if (cardManager.ConnectToCard()) { + // Test all default curves for both fields testSupportECAll(cardManager); @@ -301,7 +307,10 @@ public class SimpleAPDU { } static void PrintECSupport(ResponseAPDU resp) { - byte[] buffer = resp.getData(); + PrintECSupport(resp.getData()); + } + + static void PrintECSupport(byte[] buffer) { m_SystemOutLogger.println(); m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves"); @@ -329,6 +338,9 @@ public class SimpleAPDU { bufferOffset = VerifyPrintResult("ECDH agreement with valid point:", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_VALID_POINT, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); bufferOffset = VerifyPrintResult("ECDH agreement with invalid point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_INVALID_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("ECDSA signature on random data:", SimpleECCApplet.ECTEST_ECDSA_SIGNATURE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); + bufferOffset = VerifyPrintResult("Set anomalous custom curve (may fail):", SimpleECCApplet.ECTEST_SET_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("Generate key with anomalous curve (may fail):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_ANOMALOUSCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); + bufferOffset = VerifyPrintResult("ECDH agreement with small order point (fail is good):", SimpleECCApplet.ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("Set invalid custom curve (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDCURVE, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid curve (fail is good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDCUSTOMCURVE, buffer, bufferOffset, ExpResult.MUST_FAIL); bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); @@ -339,7 +351,10 @@ public class SimpleAPDU { } static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { - byte[] buffer = resp.getData(); + PrintECKeyGenInvalidCurveB(resp.getData()); + } + + static void PrintECKeyGenInvalidCurveB(byte[] buffer) { m_SystemOutLogger.println(); m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); -- cgit v1.2.3-70-g09d2 From 5f0ec2706a9dbb6aa72ea3c7eb798cd83045e867 Mon Sep 17 00:00:00 2001 From: J08nY Date: Sat, 10 Dec 2016 23:32:41 +0100 Subject: Added CLI options, Apache commons-cli lib, anomalous curve key export - Added CLI options, see SimpleAPDU.jar -h - Added Apache commons-cli for CLI options, it uses Apache license - Added support for anomalous curve export both reader/applet side: `java -jar SimpleAPDU.jar -g 10 -b 256 -fp -s` generates 10 curves over ECSP256 an anomalous 256bit curve. --- !uploader/simpleECC.cap | Bin 18215 -> 18296 bytes README.md | 39 ++-- dist/SimpleAPDU.jar | Bin 3078963 -> 470966 bytes lib/commons-cli-1.3.1-javadoc.jar | Bin 0 -> 169756 bytes lib/commons-cli-1.3.1.jar | Bin 0 -> 52988 bytes src/applets/ECKeyGenerator.java | 5 +- src/applets/SimpleECCApplet.java | 23 ++- src/simpleapdu/CardMngr.java | 7 +- src/simpleapdu/DirtyLogger.java | 12 +- src/simpleapdu/SimpleAPDU.java | 419 +++++++++++++++++++++----------------- 10 files changed, 285 insertions(+), 220 deletions(-) create mode 100644 lib/commons-cli-1.3.1-javadoc.jar create mode 100644 lib/commons-cli-1.3.1.jar (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index e76168c..52fef17 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/README.md b/README.md index df80750..ad76fc1 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Tests support and behavior of smartcards with JavaCard platform with focus on El Usage ------ 1. Upload simpleECC.cap using your favorite tool (e.g., [GlobalPlatformPro tool](https://github.com/martinpaljak/GlobalPlatform)) -2. Run java -jar SimpleAPDU.jar +2. Run `java -jar SimpleAPDU.jar` 3. Inspect output log with annotated results Following operations are tested: @@ -14,24 +14,33 @@ Following operations are tested: - Generation of keypair with default curve - Setting of custom curve and keypair generation - Generation of shared secret via ECDH -- Behavior of card when invalid curves/points are provided (shoudl fail) +- Signature via ECDSA +- Behavior of card when invalid curves/points are provided (should fail) + +See `java -jar SimpleAPDU.jar -h` for more. Example output -------------- - EC type: ALG_EC_FP - EC key length (bits): 224 bits - KeyPair object allocation: OK (0x9000) - Generate key with def curve (fails if no def): fail (ILLEGAL_VALUE, 0x1) - Set valid custom curve: OK (0x9000) - Generate key with valid curve: OK (0x9000) - !!ECDH agreement with valid point: fail (0x6f00) - ECDH agreement with invalid point (fail is good): fail (unknown, 0x6f00) - Set invalid custom curve (fail is good): fail (ILLEGAL_VALUE, 0x1) - Generate key with invalid curve (fail is good): fail (skipped, 0xee1) - - -*Explanation: ALG_EC_FP with 224b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) altough it was supposed to suceed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), invalid custom curve cannot be set (expected behavior) (Set invalid custom curve: fail) and new keypair cannot be generated with invalid curve (Generate key with invalid curve: skipped) - last test was skipped as invalid curve canot be set.* + ### Test for support and with valid and invalid EC curves + EC type: ALG_EC_FP + EC key length (bits): 256 bits + KeyPair object allocation: OK (0x9000) + Generate key with def curve (fails if no def): OK (0x9000) + Set valid custom curve: OK (0x9000) + Generate key with valid curve: OK (0x9000) + !! ECDH agreement with valid point: fail (unknown, 0x6f00) + ECDH agreement with invalid point (fail is good): fail (ILLEGAL_VALUE, 0x 1) + ECDSA signature on random data: OK (0x9000) + Set anomalous custom curve (may fail): OK (0x9000) + Generate key with anomalous curve (may fail): fail (unknown, 0x6f00) + ECDH agreement with small order point (fail is good):fail (skipped, 0x ee1) + Set invalid custom curve (may fail): OK (0x9000) + Generate key with invalid curve (fail is good): fail (unknown, 0x6f00) + Set invalid field (may fail): OK (0x9000) + Generate key with invalid field (fail si good): fail (unknown, 0x6f00) + +*Explanation: ALG_EC_FP with 256b curve was tested. Is supported by card (KeyPair object allocation: OK), don't have preset default curve (Generate key with def curve: fail), custom curve can be set (Set valid custom curve: OK), new keypair can be generated (Generate key with valid curve: OK), ECDH key agreement failed to execute (ECDH agreement with valid point: fail) although it was supposed to succeed (log line is therefore marked with !!), ECDH wil fail (expected behavior) if invalid point is provided (ECDH agreement with invalid point: fail), ECDSA signature worked and verified correctly (ECDSA signature on random data: OK), anomalous curve can be set (Set anomalous custom curve: OK), however generating a key on it will fail (Generate key with anomalous curve: fail), ECDH with small-order public key provided will fail as intended (ECDH agreement with small order point: fail), invalid custom curve could be set (Set invalid custom curve: OK), new keypair cannot be generated with invalid curve (Generate key with invalid curve: fail), invalid field (non-prime) could be set (Set invalid field: OK), however a key could not be generated (Generate key with invalid field: fail).* If you are interested in testing support for other JavaCard algorithms, please visit JCAlgTester project: https://github.com/crocs-muni/JCAlgTest diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 09b7e73..1e96259 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/lib/commons-cli-1.3.1-javadoc.jar b/lib/commons-cli-1.3.1-javadoc.jar new file mode 100644 index 0000000..c741ec4 Binary files /dev/null and b/lib/commons-cli-1.3.1-javadoc.jar differ diff --git a/lib/commons-cli-1.3.1.jar b/lib/commons-cli-1.3.1.jar new file mode 100644 index 0000000..c3e7a1f Binary files /dev/null and b/lib/commons-cli-1.3.1.jar differ diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index c4b71c0..491cd86 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -22,7 +22,6 @@ public class ECKeyGenerator { public static final byte KEY_BOTH = KEY_PUBLIC | KEY_PRIVATE; - //TODO: add something like allocateGenerate, or modify allocate to auto-generate a key-pair if it returns null key references after allocating public short allocatePair(byte keyClass, short keyLength) { short result = ISO7816.SW_NO_ERROR; try { @@ -105,6 +104,10 @@ public class ECKeyGenerator { return sw; } + public short setCustomAnomalousCurve(short keyClass, short keyLength, byte[] buffer, short offset) { + return setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLength), buffer, offset); + } + public short setParameter(byte key, short param, byte[] data, short offset, short length) { short result = ISO7816.SW_NO_ERROR; try { diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index e63bcf2..ecdfa4e 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -359,7 +359,7 @@ public class SimpleECCApplet extends Applet { sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_SET_ANOMALOUSCURVE) != (short) 0) { if (keyClass == KeyPair.ALG_EC_FP) { //Only FP supported at the moment - sw = ecKeyGenerator.setCustomCurve(EC_Consts.getAnomalousCurve(keyClass, keyLen), m_ramArray, (short) 0); + sw = ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLen, m_ramArray, (short) 0); } if (sw != ISO7816.SW_NO_ERROR) { testFlags &= ~FLAG_ECTEST_GENERATE_KEYPAIR_ANOMALOUSCUVE; @@ -915,21 +915,30 @@ public class SimpleECCApplet extends Applet { void GenerateAndReturnKey(APDU apdu) { byte[] apdubuf = apdu.getBuffer(); apdu.setIncomingAndReceive(); + + short offset = ISO7816.OFFSET_CDATA; + byte keyClass = apdubuf[offset]; + offset++; - short bitLen = Util.getShort(apdubuf, ISO7816.OFFSET_CDATA); + short keyLength = Util.getShort(apdubuf, offset); + offset+=2; - short offset = 0; + byte anomalous = apdubuf[offset]; + + offset = 0; switch (apdubuf[ISO7816.OFFSET_P1]) { case P1_SETCURVE: { - ecKeyGenerator.allocatePair(KeyPair.ALG_EC_FP, bitLen); + ecKeyGenerator.allocatePair(keyClass, keyLength); + if(anomalous != 0) { + ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0); + } else { + ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0); + } ecKeyGenerator.generatePair(); ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); - - // If required, initialize curve parameters first - ecKeyGenerator.setCustomCurve(KeyPair.ALG_EC_FP, bitLen, m_ramArray, (short) 0); break; } case P1_GENERATEKEYPAIR: { diff --git a/src/simpleapdu/CardMngr.java b/src/simpleapdu/CardMngr.java index d778bc8..ae8bd55 100644 --- a/src/simpleapdu/CardMngr.java +++ b/src/simpleapdu/CardMngr.java @@ -105,7 +105,10 @@ public class CardMngr { return true; } - + + public boolean isConnected() { + return m_card != null; + } public void DisconnectFromCard() throws Exception { if (m_card != null) { @@ -191,7 +194,7 @@ public class CardMngr { if (responseAPDU.getSW1() == (byte) 0x61) { CommandAPDU apduToSend = new CommandAPDU((byte) 0x00, (byte) 0xC0, (byte) 0x00, (byte) 0x00, - (int) responseAPDU.getSW1()); + responseAPDU.getSW1()); responseAPDU = m_channel.transmit(apduToSend); System.out.println(bytesToHex(responseAPDU.getBytes())); diff --git a/src/simpleapdu/DirtyLogger.java b/src/simpleapdu/DirtyLogger.java index 69e5e65..c06571b 100644 --- a/src/simpleapdu/DirtyLogger.java +++ b/src/simpleapdu/DirtyLogger.java @@ -1,14 +1,7 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ package simpleapdu; import java.io.FileOutputStream; import java.io.IOException; -import java.util.logging.Level; -import java.util.logging.Logger; /** * @@ -17,6 +10,7 @@ import java.util.logging.Logger; public class DirtyLogger { FileOutputStream m_logFile; boolean m_bOutputSystemOut = true; + public DirtyLogger(FileOutputStream logFile, boolean bOutputSystemOut) { m_logFile = logFile; m_bOutputSystemOut = bOutputSystemOut; @@ -47,4 +41,8 @@ public class DirtyLogger { } catch (IOException ex) { } } + + void close() throws IOException { + m_logFile.close(); + } } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 44bf302..241ef4c 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -5,7 +5,13 @@ import applets.SimpleECCApplet; import javacard.framework.ISO7816; import javacard.security.CryptoException; import javacard.security.KeyPair; -import sun.java2d.pipe.SpanShapeRenderer; +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.DefaultParser; +import org.apache.commons.cli.HelpFormatter; +import org.apache.commons.cli.Option; +import org.apache.commons.cli.Options; +import org.apache.commons.cli.ParseException; import javax.smartcardio.ResponseAPDU; import java.io.FileNotFoundException; @@ -18,13 +24,17 @@ import java.util.Arrays; * @author Petr Svenda petr@svenda.com */ public class SimpleAPDU { - static CardMngr cardManager = new CardMngr(); + private CardMngr cardManager = new CardMngr(); + private DirtyLogger systemOutLogger = null; + + private CommandLineParser cliParser = new DefaultParser(); + private Options opts = new Options(); + private static final String cliHeader = ""; + private static final String cliFooter = ""; private final static byte SELECT_ECTESTERAPPLET[] = {(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x00, (byte) 0x0a, (byte) 0x45, (byte) 0x43, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x30, (byte) 0x31}; - static DirtyLogger m_SystemOutLogger = null; - private static final byte TESTECSUPPORTALL_FP[] = {(byte) 0xB0, (byte) 0x5E, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORTALL_F2M[] = {(byte) 0xB0, (byte) 0x5F, (byte) 0x00, (byte) 0x00, (byte) 0x00}; private static final byte TESTECSUPPORT_GIVENALG[] = {(byte) 0xB0, (byte) 0x71, (byte) 0x00, (byte) 0x00, (byte) 0x03, (byte) 0x00, (byte) 0x00, (byte) 0x00}; @@ -38,8 +48,104 @@ public class SimpleAPDU { private static final short INVALIDCURVEB_CORRUPTIONTYPE_OFFSET = 7; private static final short INVALIDCURVEB_REWINDONSUCCESS_OFFSET = 9; - private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x02, (byte) 0x00, (byte) 0x00}; + private static final byte TESTECSUPPORT_GENERATEECCKEY[] = {(byte) 0xB0, (byte) 0x5a, (byte) 0x00, (byte) 0x00, (byte) 0x04, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00}; + private static final short GENERATEECKEY_ALG_OFFSET = 5; + private static final short GENERATEECKEY_KEYLENGTH_OFFSET = 6; + private static final short GENERATEECKEY_ANOMALOUS_OFFSET = 8; + + + public void run(String[] args) { + try { + //parse cmd args + CommandLine cli = parseArgs(args); + + //byte[] installData = new byte[10]; + //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; + //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class); + + //do stuff + if (cli.hasOption("help")) { + HelpFormatter help = new HelpFormatter(); + help.printHelp("SimpleAPDU", cliHeader, opts, cliFooter); + } else { + //open log(only when actually doing something) + String logFileName = cli.getOptionValue("output-file", String.format("ECTESTER_log_%d.log", System.currentTimeMillis())); + FileOutputStream stdoutStream = new FileOutputStream(logFileName); + systemOutLogger = new DirtyLogger(stdoutStream, true); + + boolean fp = cli.hasOption("fp"); + boolean f2m = cli.hasOption("f2m"); + if (!fp && !f2m) { + fp = true; + f2m = true; + } + int genAmount = Integer.parseInt(cli.getOptionValue("generate", "0")); + int keyLength = Integer.parseInt(cli.getOptionValue("b", "192")); + + if (cli.hasOption("generate")) { + //generate EC keys + if (fp) { + generateECKeys(genAmount, KeyPair.ALG_EC_FP, (short) keyLength, cli.hasOption("anomalous")); + } + if (f2m) { + generateECKeys(genAmount, KeyPair.ALG_EC_F2M, (short) keyLength, cli.hasOption("anomalous")); + } + } else if (cli.hasOption("test")) { + if (cli.hasOption("bit-length")) { + //test only one bitsize + if (fp) { + testSupportECFp((short) keyLength); + } + if (f2m) { + testSupportECFp((short) keyLength); + } + } else { + //test default bit sizes + testSupportECAll(fp, f2m); + testFPkeyGen((short) 10, EC_Consts.CORRUPTION_ONEBYTERANDOM, true); + } + } else { + systemOutLogger.println("You need to specify one of -t / -g [num] commands."); + } + + //close log + systemOutLogger.close(); + } + + //disconnect + cardManager.DisconnectFromCard(); + } catch (Exception ex) { + if (systemOutLogger != null) { + systemOutLogger.println("Exception : " + ex); + } + } + } + private CommandLine parseArgs(String[] args) throws ParseException { + + opts.addOption("h", "help", false, "show this help"); + opts.addOption(Option.builder("g") + .longOpt("generate") + .hasArg() + .optionalArg(true) + .argName("num") + .desc("generate EC keys").build()); + opts.addOption("t", "test", false, "test EC support (default)"); + opts.addOption(Option.builder("b") + .longOpt("bit-length") + .hasArg() + .argName("bits") + .desc("set EC bit size").build()); + opts.addOption("f2m", "use EC over binary-fields"); + opts.addOption("fp", "user EC over prime-fields (default)"); + opts.addOption("s", "anomalous", false, "generate anomalous (non-prime order, small pubkey order) curves"); + opts.addOption(Option.builder("o") + .longOpt("output-file") + .hasArg() + .argName("file") + .desc("output file to log to").build()); + return cliParser.parse(opts, args); + } static short getShort(byte[] array, int offset) { return (short) (((array[offset] & 0xFF) << 8) | (array[offset + 1] & 0xFF)); @@ -50,190 +156,125 @@ public class SimpleAPDU { array[offset] = (byte) ((value >> 8) & 0xFF); } - static void testFPkeyGen_setNumRepeats(byte[] apduArray, short numRepeats) { - setShort(apduArray, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats); - } - - static void testFPkeyGen_setCorruptionType(byte[] apduArray, short corruptionType) { - setShort(apduArray, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType); - } - - static void testFPkeyGen_rewindOnSuccess(byte[] apduArray, boolean bRewind) { - apduArray[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0; - } + private boolean ReconnnectToCard() throws Exception { + if (cardManager.isConnected()) { + cardManager.DisconnectFromCard(); + } - static CardMngr ReconnnectToCard() throws Exception { - cardManager.DisconnectFromCard(); - if (cardManager.ConnectToCard()) { + boolean result = cardManager.ConnectToCard(); + if (result) { // Select our application on card cardManager.sendAPDU(SELECT_ECTESTERAPPLET); } - return cardManager; + return result; } - static void testSupportECGivenAlg(byte[] apdu, CardMngr cardManager) throws Exception { + private void testFPkeyGen(short numRepeats, short corruptionType, boolean bRewind) throws Exception { + byte[] apdu = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); + setShort(apdu, INVALIDCURVEB_NUMREPEATS_OFFSET, numRepeats); + setShort(apdu, INVALIDCURVEB_CORRUPTIONTYPE_OFFSET, corruptionType); + apdu[INVALIDCURVEB_REWINDONSUCCESS_OFFSET] = bRewind ? (byte) 1 : (byte) 0; + + ReconnnectToCard(); + ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(apdu); + ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); + PrintECKeyGenInvalidCurveB(resp_fp_keygen); + PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); + } + + private void testSupportECGivenAlg(short keyLength, byte keyClass) throws Exception { + byte[] apdu = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); + apdu[TESTECSUPPORT_ALG_OFFSET] = keyClass; + setShort(apdu, TESTECSUPPORT_KEYLENGTH_OFFSET, keyLength); + ReconnnectToCard(); ResponseAPDU resp = cardManager.sendAPDU(apdu); //byte[] resp = cardManager.sendAPDUSimulator(apdu); PrintECSupport(resp); } - static void testSupportECAll(CardMngr cardManager) throws Exception { - byte[] testAPDU = Arrays.copyOf(TESTECSUPPORT_GIVENALG, TESTECSUPPORT_GIVENALG.length); - - testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_FP; - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 128); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 160); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 192); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 224); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 256); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 384); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 521); - testSupportECGivenAlg(testAPDU, cardManager); - - testAPDU[TESTECSUPPORT_ALG_OFFSET] = KeyPair.ALG_EC_F2M; - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 113); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 131); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 163); - testSupportECGivenAlg(testAPDU, cardManager); - setShort(testAPDU, TESTECSUPPORT_KEYLENGTH_OFFSET, (short) 193); - testSupportECGivenAlg(testAPDU, cardManager); - + private void testSupportECFp(short keyLength) throws Exception { + testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_FP); } - public static void main(String[] args) throws FileNotFoundException, IOException { - //parse cli args. Should be replaced with some cli parsing library code in the future. - boolean genKeys = false; - int genAmount = 0; - boolean testAll = false; - if (args.length > 0) { - for (int i = 0; i < args.length; i++) { - if (args[i].equals("-g")) { - genKeys = true; - if (args.length >= i + 1) { - try { - genAmount = Integer.parseInt(args[i + 1]); - }catch (NumberFormatException ignored) { - //is another param, genAmount = 0 by default - genAmount = 0; - } + private void testSupportECF2m(short keyLength) throws Exception { + testSupportECGivenAlg(keyLength, KeyPair.ALG_EC_F2M); + } - } - } else if (args[i].equals("-a")) { - testAll = true; - } - } + private void testSupportECAll(boolean testFp, boolean testF2m) throws Exception { + if (testFp) { + testSupportECFp((short) 128); + testSupportECFp((short) 192); + testSupportECFp((short) 224); + testSupportECFp((short) 256); + testSupportECFp((short) 384); + testSupportECFp((short) 521); } - //by default do the test - if (!genKeys && !testAll) { - testAll = true; + if (testF2m) { + testSupportECF2m((short) 113); + testSupportECF2m((short) 131); + testSupportECF2m((short) 163); + testSupportECF2m((short) 193); } + } + private void generateECKeys(int amount, byte keyClass, short keyLength, boolean anomalous) throws Exception { + if (cardManager.ConnectToCardSelect()) { + cardManager.sendAPDU(SELECT_ECTESTERAPPLET); - String logFileName = String.format("ECTESTER_log_%d.log", System.currentTimeMillis()); - FileOutputStream systemOutLogger = new FileOutputStream(logFileName); - m_SystemOutLogger = new DirtyLogger(systemOutLogger, true); - - try { - if (testAll) { - //byte[] installData = new byte[10]; - //byte[] AID = {(byte) 0x4C, (byte) 0x61, (byte) 0x62, (byte) 0x61, (byte) 0x6B, (byte) 0x41, (byte) 0x70, (byte) 0x70, (byte) 0x6C, (byte) 0x65, (byte) 0x74}; - //cardManager.prepareLocalSimulatorApplet(AID, installData, SimpleECCApplet.class); - if (cardManager.ConnectToCard()) { - - // Test all default curves for both fields - testSupportECAll(cardManager); - - // Test setting invalid parameter B of curve - byte[] testAPDU = Arrays.copyOf(TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB, TESTECSUPPORTALL_FP_KEYGEN_INVALIDCURVEB.length); - testFPkeyGen_setCorruptionType(testAPDU, EC_Consts.CORRUPTION_ONEBYTERANDOM); - testFPkeyGen_setNumRepeats(testAPDU, (short) 10); - testFPkeyGen_rewindOnSuccess(testAPDU, true); - - ReconnnectToCard(); - ResponseAPDU resp_fp_keygen = cardManager.sendAPDU(testAPDU); - ResponseAPDU resp_keygen_params = cardManager.sendAPDU(TESTECSUPPORTALL_LASTUSEDPARAMS); - PrintECKeyGenInvalidCurveB(resp_fp_keygen); - PrintECKeyGenInvalidCurveB_lastUserParams(resp_keygen_params); - - cardManager.DisconnectFromCard(); - } else { - m_SystemOutLogger.println("Failed to connect to card"); + String keyFileName = String.format("ECKEYS_%s_%d.log", keyClass == KeyPair.ALG_EC_FP ? "fp" : "f2m", System.currentTimeMillis()); + FileOutputStream keysFile = new FileOutputStream(keyFileName); + + String message = "index;time;pubW;privS\n"; + keysFile.write(message.getBytes()); + byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); + // Prepare keypair object + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; + gatherKeyAPDU[GENERATEECKEY_ALG_OFFSET] = keyClass; + setShort(gatherKeyAPDU, GENERATEECKEY_KEYLENGTH_OFFSET, keyLength); + gatherKeyAPDU[GENERATEECKEY_ANOMALOUS_OFFSET] = anomalous ? (byte) 1 : (byte) 0; + ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); + + // Generate new keypair + gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; + int counter = 0; + while (true) { + counter++; + long elapsed = -System.nanoTime(); + respGather = cardManager.sendAPDU(gatherKeyAPDU); + elapsed += System.nanoTime(); + + byte[] data = respGather.getData(); + int offset = 0; + String pubKeyW = ""; + String privKeyS = ""; + if (data[offset] == EC_Consts.TAG_ECPUBKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + pubKeyW = CardMngr.bytesToHex(data, offset, len, false); + offset += len; + } + if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { + offset++; + short len = getShort(data, offset); + offset += 2; + privKeyS = CardMngr.bytesToHex(data, offset, len, false); + offset += len; } - } - - if (genKeys) { - // Gather large number of ECC keypairs - if (cardManager.ConnectToCardSelect()) { - cardManager.sendAPDU(SELECT_ECTESTERAPPLET); - - String keyFileName = String.format("ECKEYS_%d.log", System.currentTimeMillis()); - FileOutputStream keysFile = new FileOutputStream(keyFileName); - - String message = "index;time;pubW;privS\n"; - keysFile.write(message.getBytes()); - byte[] gatherKeyAPDU = Arrays.copyOf(TESTECSUPPORT_GENERATEECCKEY, TESTECSUPPORT_GENERATEECCKEY.length); - // Prepare keypair object - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_SETCURVE; - setShort(gatherKeyAPDU, (short) 5, (short) 192); // ecc length - ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); - - // Generate new keypair - gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; - int counter = 0; - while (true) { - counter++; - long elapsed = -System.nanoTime(); - respGather = cardManager.sendAPDU(gatherKeyAPDU); - elapsed += System.nanoTime(); - - byte[] data = respGather.getData(); - int offset = 0; - String pubKeyW = ""; - String privKeyS = ""; - if (data[offset] == EC_Consts.TAG_ECPUBKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - pubKeyW = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - if (data[offset] == EC_Consts.TAG_ECPRIVKEY) { - offset++; - short len = getShort(data, offset); - offset += 2; - privKeyS = CardMngr.bytesToHex(data, offset, len, false); - offset += len; - } - message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); - keysFile.write(message.getBytes()); + message = String.format("%d;%d;%s;%s\n", counter, elapsed / 1000000, pubKeyW, privKeyS); + keysFile.write(message.getBytes()); - m_SystemOutLogger.flush(); - keysFile.flush(); + this.systemOutLogger.flush(); + keysFile.flush(); - //stop when we have enough keys, go on forever with 0 - if (counter >= genAmount && genAmount != 0) - break; - } - } + //stop when we have enough keys, go on forever with 0 + if (counter >= amount && amount != 0) + break; } - - - } catch (Exception ex) { - m_SystemOutLogger.println("Exception : " + ex); } - - systemOutLogger.close(); } static String getPrintError(short code) { @@ -278,12 +319,12 @@ public class SimpleAPDU { MUST_FAIL } - static int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { + private int VerifyPrintResult(String message, byte expectedTag, byte[] buffer, int bufferOffset, ExpResult expRes) { if (bufferOffset >= buffer.length) { - m_SystemOutLogger.println(" No more data returned"); + systemOutLogger.println(" No more data returned"); } else { if (buffer[bufferOffset] != expectedTag) { - m_SystemOutLogger.println(" ERROR: mismatched tag"); + systemOutLogger.println(" ERROR: mismatched tag"); assert (buffer[bufferOffset] == expectedTag); } bufferOffset++; @@ -298,22 +339,21 @@ public class SimpleAPDU { bHiglight = true; } if (bHiglight) { - m_SystemOutLogger.println(String.format("!! %-50s%s", message, getPrintError(resCode))); + systemOutLogger.println(String.format("!! %-53s%s", message, getPrintError(resCode))); } else { - m_SystemOutLogger.println(String.format(" %-50s%s", message, getPrintError(resCode))); + systemOutLogger.println(String.format(" %-53s%s", message, getPrintError(resCode))); } } return bufferOffset; } - static void PrintECSupport(ResponseAPDU resp) { + private void PrintECSupport(ResponseAPDU resp) { PrintECSupport(resp.getData()); } - static void PrintECSupport(byte[] buffer) { - - m_SystemOutLogger.println(); - m_SystemOutLogger.println("### Test for support and with valid and invalid EC curves"); + private void PrintECSupport(byte[] buffer) { + systemOutLogger.println(); + systemOutLogger.println("### Test for support and with valid and invalid EC curves"); int bufferOffset = 0; while (bufferOffset < buffer.length) { assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); @@ -325,10 +365,10 @@ public class SimpleAPDU { if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) { ecType = "ALG_EC_F2M"; } - m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); + systemOutLogger.println(String.format("%-56s%s", "EC type:", ecType)); bufferOffset++; short keyLen = getShort(buffer, bufferOffset); - m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); + systemOutLogger.println(String.format("%-56s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); @@ -346,18 +386,17 @@ public class SimpleAPDU { bufferOffset = VerifyPrintResult("Set invalid field (may fail):", SimpleECCApplet.ECTEST_SET_INVALIDFIELD, buffer, bufferOffset, ExpResult.MAY_FAIL); bufferOffset = VerifyPrintResult("Generate key with invalid field (fail si good):", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_INVALIDFIELD, buffer, bufferOffset, ExpResult.MUST_FAIL); - m_SystemOutLogger.println(); + systemOutLogger.println(); } } - static void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { + private void PrintECKeyGenInvalidCurveB(ResponseAPDU resp) { PrintECKeyGenInvalidCurveB(resp.getData()); } - static void PrintECKeyGenInvalidCurveB(byte[] buffer) { - - m_SystemOutLogger.println(); - m_SystemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); + private void PrintECKeyGenInvalidCurveB(byte[] buffer) { + systemOutLogger.println(); + systemOutLogger.println("### Test for computation with invalid parameter B for EC curve"); int bufferOffset = 0; while (bufferOffset < buffer.length) { assert (buffer[bufferOffset] == SimpleECCApplet.ECTEST_SEPARATOR); @@ -369,15 +408,15 @@ public class SimpleAPDU { if (buffer[bufferOffset] == KeyPair.ALG_EC_F2M) { ecType = "ALG_EC_F2M"; } - m_SystemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); + systemOutLogger.println(String.format("%-53s%s", "EC type:", ecType)); bufferOffset++; short keyLen = getShort(buffer, bufferOffset); - m_SystemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); + systemOutLogger.println(String.format("%-53s%d bits", "EC key length (bits):", keyLen)); bufferOffset += 2; short numRepeats = getShort(buffer, bufferOffset); bufferOffset += 2; - m_SystemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); + systemOutLogger.println(String.format("%-53s%d times", "Executed repeats before unexpected error: ", numRepeats)); bufferOffset = VerifyPrintResult("KeyPair object allocation:", SimpleECCApplet.ECTEST_ALLOCATE_KEYPAIR, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); while (bufferOffset < buffer.length) { @@ -390,18 +429,22 @@ public class SimpleAPDU { bufferOffset = VerifyPrintResult("Generate key with valid curve:", SimpleECCApplet.ECTEST_GENERATE_KEYPAIR_CUSTOMCURVE, buffer, bufferOffset, ExpResult.SHOULD_SUCCEED); } - m_SystemOutLogger.println(); + systemOutLogger.println(); } } - static void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) { + private void PrintECKeyGenInvalidCurveB_lastUserParams(ResponseAPDU resp) { byte[] buffer = resp.getData(); short offset = 0; - m_SystemOutLogger.print("Last used value of B: "); + systemOutLogger.print("Last used value of B: "); while (offset < buffer.length) { - m_SystemOutLogger.print(String.format("%x ", buffer[offset])); + systemOutLogger.print(String.format("%x ", buffer[offset])); offset++; } + } + public static void main(String[] args) throws FileNotFoundException, IOException { + SimpleAPDU app = new SimpleAPDU(); + app.run(args); } } -- cgit v1.2.3-70-g09d2 From da1ee8381f2f7eaf1cfcd4941ec9f95287435625 Mon Sep 17 00:00:00 2001 From: J08nY Date: Sun, 11 Dec 2016 14:20:00 +0100 Subject: Fixed some issues with errors in key generation, and their propagation --- !uploader/simpleECC.cap | Bin 18296 -> 18330 bytes dist/SimpleAPDU.jar | Bin 470966 -> 471079 bytes src/applets/ECKeyGenerator.java | 8 ++--- src/applets/SimpleECCApplet.java | 63 ++++++++++++++++++++------------------- src/simpleapdu/SimpleAPDU.java | 11 +++++++ 5 files changed, 47 insertions(+), 35 deletions(-) (limited to 'src/simpleapdu/SimpleAPDU.java') diff --git a/!uploader/simpleECC.cap b/!uploader/simpleECC.cap index 52fef17..886ce88 100644 Binary files a/!uploader/simpleECC.cap and b/!uploader/simpleECC.cap differ diff --git a/dist/SimpleAPDU.jar b/dist/SimpleAPDU.jar index 1e96259..be5599a 100644 Binary files a/dist/SimpleAPDU.jar and b/dist/SimpleAPDU.jar differ diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java index 491cd86..2eb5679 100644 --- a/src/applets/ECKeyGenerator.java +++ b/src/applets/ECKeyGenerator.java @@ -215,8 +215,8 @@ public class ECKeyGenerator { public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) { if (key == KEY_BOTH) { - return -1; - }//TODO: change error handling. + ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); + } short length = 0; try { switch (param) { @@ -255,9 +255,9 @@ public class ECKeyGenerator { ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED); } } catch (CryptoException ce) { - length = -1; + ISOException.throwIt(ce.getReason()); } catch (Exception e) { - length = -1; + ISOException.throwIt(ISO7816.SW_UNKNOWN); } return length; } diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java index ecdfa4e..a56250c 100644 --- a/src/applets/SimpleECCApplet.java +++ b/src/applets/SimpleECCApplet.java @@ -14,22 +14,22 @@ public class SimpleECCApplet extends Applet { final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0; // INSTRUCTIONS - final static byte INS_GENERATEKEY = (byte) 0x5a; - final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; - - final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; - final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; - - final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; - final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; - final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; - final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; - final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; - final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; - - - public final static byte P1_SETCURVE = (byte) 0x01; - public final static byte P1_GENERATEKEYPAIR = (byte) 0x02; + final static byte INS_GENERATEKEY = (byte) 0x5a; + final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b; + + final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c; + final static byte INS_DERIVEECDHSECRET = (byte) 0x5d; + + final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e; + final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f; + final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70; + final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71; + final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72; + final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40; + + + public final static byte P1_SETCURVE = (byte) 0x01; + public final static byte P1_GENERATEKEYPAIR = (byte) 0x02; final static short ARRAY_LENGTH = (short) 0xff; @@ -213,11 +213,11 @@ public class SimpleECCApplet extends Applet { case INS_ALLOCATEKEYPAIRS: AllocateKeyPairs(apdu); break; -*/ +*/ case INS_GENERATEKEY: GenerateAndReturnKey(apdu); break; - default : + default: // The INS code is not supported by the dispatcher ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); break; @@ -393,7 +393,7 @@ public class SimpleECCApplet extends Applet { bufferOffset++; sw = SW_SKIPPED; if ((testFlags & FLAG_ECTEST_ECDH_AGREEMENT_SMALL_DEGREE_POINT) != (short) 0) { - short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass,keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); + short pubLength = EC_Consts.getCurveParameter(EC_Consts.getAnomalousCurve(keyClass, keyLen), EC_Consts.PARAMETER_W, m_ramArray, (short) 0); ecPrivKey = ecKeyGenerator.getPrivateKey(); sw = ecKeyTester.testECDH(ecPrivKey, m_ramArray, (short) 0, pubLength, m_ramArray2, (short) 1); } @@ -718,7 +718,6 @@ public class SimpleECCApplet extends Applet { bufferOffset += 2; - // // 2. Set invalid custom curve (many times) // @@ -919,23 +918,23 @@ public class SimpleECCApplet extends Applet { short offset = ISO7816.OFFSET_CDATA; byte keyClass = apdubuf[offset]; offset++; - + short keyLength = Util.getShort(apdubuf, offset); - offset+=2; + offset += 2; byte anomalous = apdubuf[offset]; offset = 0; - + switch (apdubuf[ISO7816.OFFSET_P1]) { case P1_SETCURVE: { ecKeyGenerator.allocatePair(keyClass, keyLength); - if(anomalous != 0) { + + if (anomalous != 0) { ecKeyGenerator.setCustomAnomalousCurve(keyClass, keyLength, m_ramArray, (short) 0); } else { ecKeyGenerator.setCustomCurve(keyClass, keyLength, m_ramArray, (short) 0); } - ecKeyGenerator.generatePair(); ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); @@ -943,7 +942,10 @@ public class SimpleECCApplet extends Applet { } case P1_GENERATEKEYPAIR: { // Assumption: proper EC keyPair is already allocated and initialized - ecKeyGenerator.generatePair(); + short sw = ecKeyGenerator.generatePair(); + if (sw != ISO7816.SW_NO_ERROR) { + ISOException.throwIt(sw); + } ecPubKey = ecKeyGenerator.getPublicKey(); ecPrivKey = ecKeyGenerator.getPrivateKey(); @@ -951,19 +953,18 @@ public class SimpleECCApplet extends Applet { apdubuf[offset] = EC_Consts.TAG_ECPUBKEY; offset++; offset += 2; // reserve space for length - short len = ecPubKey.getW(apdubuf, offset); + short len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PUBLIC, EC_Consts.PARAMETER_W, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; apdubuf[offset] = EC_Consts.TAG_ECPRIVKEY; offset++; offset += 2; // reserve space for length - len = ecPrivKey.getS(apdubuf, offset); + len = ecKeyGenerator.exportParameter(ECKeyGenerator.KEY_PRIVATE, EC_Consts.PARAMETER_S, apdubuf, offset); Util.setShort(apdubuf, (short) (offset - 2), len); offset += len; - break; } - default: + default: ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); } @@ -1019,7 +1020,7 @@ public class SimpleECCApplet extends Applet { } -*/ +*/ } diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java index 241ef4c..4f291f0 100644 --- a/src/simpleapdu/SimpleAPDU.java +++ b/src/simpleapdu/SimpleAPDU.java @@ -234,7 +234,13 @@ public class SimpleAPDU { gatherKeyAPDU[GENERATEECKEY_ALG_OFFSET] = keyClass; setShort(gatherKeyAPDU, GENERATEECKEY_KEYLENGTH_OFFSET, keyLength); gatherKeyAPDU[GENERATEECKEY_ANOMALOUS_OFFSET] = anomalous ? (byte) 1 : (byte) 0; + ResponseAPDU respGather = cardManager.sendAPDU(gatherKeyAPDU); + if (respGather.getSW() != ISO7816.SW_NO_ERROR) { + systemOutLogger.println(String.format("Card error: %x", respGather.getSW())); + keysFile.close(); + return; + } // Generate new keypair gatherKeyAPDU[ISO7816.OFFSET_P1] = SimpleECCApplet.P1_GENERATEKEYPAIR; @@ -245,6 +251,10 @@ public class SimpleAPDU { respGather = cardManager.sendAPDU(gatherKeyAPDU); elapsed += System.nanoTime(); + if (respGather.getSW() != ISO7816.SW_NO_ERROR) { + systemOutLogger.println(String.format("Card error: %x", respGather.getSW())); + break; + } byte[] data = respGather.getData(); int offset = 0; String pubKeyW = ""; @@ -274,6 +284,7 @@ public class SimpleAPDU { if (counter >= amount && amount != 0) break; } + keysFile.close(); } } -- cgit v1.2.3-70-g09d2