From c2be46f5881a3a8e63c0815de28f0516ceeb7bcc Mon Sep 17 00:00:00 2001
From: J08nY
Date: Wed, 2 Nov 2016 21:05:56 +0100
Subject: Implemented External curve setting on applet side

SimpleECCApplet: added TestEC_SupportExternal which receives an FP or
F2M elliptic curve parameters in an APDU, sets it and tries ECDH, ECDSA.
ECKeyGenerator: added setExternalCurve, which reads and sets external
parameters from one buffer, with data order:
field | a | b | g | r | k
---
 src/applets/ECKeyGenerator.java  |  33 ++++++++
 src/applets/SimpleECCApplet.java | 169 +++++++++++++++++++++++++++++++++++++--
 src/simpleapdu/SimpleAPDU.java   |   6 ++
 3 files changed, 200 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/applets/ECKeyGenerator.java b/src/applets/ECKeyGenerator.java
index 393c249..28b3ed3 100644
--- a/src/applets/ECKeyGenerator.java
+++ b/src/applets/ECKeyGenerator.java
@@ -70,6 +70,7 @@ public class ECKeyGenerator {
         }
         if (sw != ISO7816.SW_NO_ERROR) return sw;
 
+        //go through all params
         for (byte param = EC_Consts.PARAMETER_A; param <= EC_Consts.PARAMETER_K; param = (byte)(param << 1)) {
             length = EC_Consts.getCurveParameter(curve, param, buffer, offset);
             sw = setExternalParameter(KEY_BOTH, param, buffer, offset, length);
@@ -159,6 +160,38 @@ public class ECKeyGenerator {
         return result;
     }
 
+    public short setExternalCurve(byte key, byte keyClass, byte[] buffer, short offset, short fieldLength, short aLength, short bLength, short gxLength, short gyLength, short rLength){
+        short sw = ISO7816.SW_NO_ERROR;
+        if (keyClass == KeyPair.ALG_EC_FP) {
+            sw = setExternalParameter(key, EC_Consts.PARAMETER_FP, buffer, offset, fieldLength);
+        } else if (keyClass == KeyPair.ALG_EC_F2M) {
+            sw = setExternalParameter(key, EC_Consts.PARAMETER_F2M, buffer, offset, fieldLength);
+        }
+        if (sw != ISO7816.SW_NO_ERROR) return sw;
+
+        offset += fieldLength;
+
+        //go through all params
+        sw = setExternalParameter(key, EC_Consts.PARAMETER_A, buffer, offset, aLength);
+        if (sw != ISO7816.SW_NO_ERROR) return sw;
+        offset += aLength;
+        sw = setExternalParameter(key, EC_Consts.PARAMETER_B, buffer, offset, bLength);
+        if (sw != ISO7816.SW_NO_ERROR) return sw;
+        offset += bLength;
+
+        sw = setExternalParameter(key, EC_Consts.PARAMETER_G, buffer, offset, (short) (gxLength + gyLength));
+        if (sw != ISO7816.SW_NO_ERROR) return sw;
+        offset += gxLength + gyLength;
+
+
+        sw = setExternalParameter(key, EC_Consts.PARAMETER_R, buffer, offset, aLength);
+        if (sw != ISO7816.SW_NO_ERROR) return sw;
+        offset += rLength;
+
+        sw = setExternalParameter(key, EC_Consts.PARAMETER_K, buffer, offset, (short) 2);
+        return sw;
+    }
+
     public short exportParameter(byte key, short param, byte[] outputBuffer, short outputOffset) {
         if (key == KEY_BOTH) {
             return -1;
diff --git a/src/applets/SimpleECCApplet.java b/src/applets/SimpleECCApplet.java
index 683e61d..3b5b514 100644
--- a/src/applets/SimpleECCApplet.java
+++ b/src/applets/SimpleECCApplet.java
@@ -11,20 +11,21 @@ import javacard.security.*;
 public class SimpleECCApplet extends javacard.framework.Applet {
 
     // MAIN INSTRUCTION CLASS
-    final static byte CLA_SIMPLEECCAPPLET =         (byte) 0xB0;
+    final static byte CLA_SIMPLEECCAPPLET = (byte) 0xB0;
 
     // INSTRUCTIONS
-    final static byte INS_GENERATEKEY =             (byte) 0x5a;
-    final static byte INS_ALLOCATEKEYPAIRS =        (byte) 0x5b;
+    final static byte INS_GENERATEKEY = (byte) 0x5a;
+    final static byte INS_ALLOCATEKEYPAIRS = (byte) 0x5b;
 
-    final static byte INS_ALLOCATEKEYPAIR =         (byte) 0x5c;
-    final static byte INS_DERIVEECDHSECRET =        (byte) 0x5d;
+    final static byte INS_ALLOCATEKEYPAIR = (byte) 0x5c;
+    final static byte INS_DERIVEECDHSECRET = (byte) 0x5d;
 
-    final static byte INS_TESTECSUPPORTALL_FP =     (byte) 0x5e;
-    final static byte INS_TESTECSUPPORTALL_F2M =    (byte) 0x5f;
+    final static byte INS_TESTECSUPPORTALL_FP = (byte) 0x5e;
+    final static byte INS_TESTECSUPPORTALL_F2M = (byte) 0x5f;
     final static byte INS_TESTEC_GENERATEINVALID_FP = (byte) 0x70;
     final static byte INS_TESTECSUPPORT_GIVENALG = (byte) 0x71;
-    final static byte INS_TESTEC_LASTUSEDPARAMS =   (byte) 0x40;
+    final static byte INS_TESTECSUPPORT_EXTERNAL = (byte) 0x72;
+    final static byte INS_TESTEC_LASTUSEDPARAMS = (byte) 0x40;
 
 
     final static short ARRAY_LENGTH = (short) 0xff;
@@ -45,6 +46,9 @@ public class SimpleECCApplet extends javacard.framework.Applet {
     public final static byte ECTEST_ECDH_AGREEMENT_INVALID_POINT = (byte) 0xc8;
     public final static byte ECTEST_EXECUTED_REPEATS = (byte) 0xc9;
     public final static byte ECTEST_DH_GENERATESECRET = (byte) 0xca;
+    public final static byte ECTEST_SET_EXTERNALCURVE = (byte) 0xcb;
+    public final static byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE = (byte) 0xcc;
+    public final static byte ECTEST_ECDSA_SIGNATURE = (byte) 0xcd;
 
     public final static short FLAG_ECTEST_ALLOCATE_KEYPAIR = (short) 0x0001;
     public final static short FLAG_ECTEST_GENERATE_KEYPAIR_DEFCURVE = (short) 0x0002;
@@ -188,6 +192,9 @@ public class SimpleECCApplet extends javacard.framework.Applet {
                 case INS_TESTEC_LASTUSEDPARAMS:
                     TestECSupportInvalidCurve_lastUsedParams(apdu);
                     break;
+                case INS_TESTECSUPPORT_EXTERNAL:
+                    TestEC_SupportExternal(apdu);
+                    break;
 /*                    
                 case INS_ALLOCATEKEYPAIRS:
                     AllocateKeyPairs(apdu);
@@ -391,6 +398,152 @@ public class SimpleECCApplet extends javacard.framework.Applet {
         apdu.setOutgoingAndSend((short) 0, dataOffset);
     }
 
+    short TestECSupportExternalCurve(byte keyClass, short keyLength, byte[] buffer, short bufferOffset, short outputOffset) {
+        short startOffset = outputOffset;
+
+        short fieldLength = Util.getShort(buffer, bufferOffset);
+        bufferOffset += 2;
+        short aLength = Util.getShort(buffer, bufferOffset);
+        bufferOffset += 2;
+        short bLength = Util.getShort(buffer, bufferOffset);
+        bufferOffset += 2;
+        short gxLength = Util.getShort(buffer, bufferOffset);
+        bufferOffset += 2;
+        short gyLength = Util.getShort(buffer, bufferOffset);
+        bufferOffset += 2;
+        short rLength = Util.getShort(buffer, bufferOffset);
+        bufferOffset += 2;
+
+        buffer[outputOffset] = ECTEST_SEPARATOR;
+        outputOffset++;
+
+        // allocatePair
+        buffer[outputOffset] = ECTEST_ALLOCATE_KEYPAIR;
+        outputOffset++;
+        short sw = ecKeyGenerator.allocatePair(keyClass, keyLength);
+        Util.setShort(buffer, outputOffset, sw);
+        outputOffset += 2;
+        if (sw != ISO7816.SW_NO_ERROR) {
+            return (short) (outputOffset - startOffset);
+        }
+
+        // setExternalParam -> forall in {field, a, b, g, r, k}
+        buffer[outputOffset] = ECTEST_SET_EXTERNALCURVE;
+        outputOffset++;
+        sw = ecKeyGenerator.setExternalCurve(ECKeyGenerator.KEY_BOTH, keyClass, buffer, bufferOffset, fieldLength, aLength, bLength, gxLength, gyLength, rLength);
+        Util.setShort(buffer, outputOffset, sw);
+        outputOffset += 2;
+        if (sw != ISO7816.SW_NO_ERROR) {
+            return (short) (outputOffset - startOffset);
+        }
+
+        // generatePair
+        buffer[outputOffset] = ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE;
+        outputOffset++;
+        sw = ecKeyGenerator.generatePair();
+        Util.setShort(buffer, outputOffset, sw);
+        outputOffset += 2;
+        if (sw != ISO7816.SW_NO_ERROR) {
+            return (short) (outputOffset - startOffset);
+        }
+
+        ecPubKey = ecKeyGenerator.getPublicKey();
+        ecPrivKey = ecKeyGenerator.getPrivateKey();
+
+        // test_ECDH
+        buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_VALID_POINT;
+        outputOffset++;
+        sw = ecKeyTester.testECDH_validPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
+        Util.setShort(buffer, outputOffset, sw);
+        outputOffset += 2;
+        if (sw != ISO7816.SW_NO_ERROR) {
+            return (short) (outputOffset - startOffset);
+        }
+
+        // test_ECDH invalid
+        buffer[outputOffset] = ECTEST_ECDH_AGREEMENT_INVALID_POINT;
+        outputOffset++;
+        sw = ecKeyTester.testECDH_invalidPoint(ecPrivKey, ecPubKey, m_ramArray, (short) 0, m_ramArray2, (short) 0);
+        Util.setShort(buffer, outputOffset, sw);
+        outputOffset += 2;
+        if (sw != ISO7816.SW_NO_ERROR) {
+            return (short) (outputOffset - startOffset);
+        }
+
+        // test_ECDSA
+        buffer[outputOffset] = ECTEST_ECDSA_SIGNATURE;
+        outputOffset++;
+        randomData.generateData(m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2));
+        sw = ecKeyTester.testECDSA(ecPrivKey, ecPubKey, m_ramArray, (short) 0, (short) (ARRAY_LENGTH / 2), m_ramArray2, (short) 0);
+        Util.setShort(buffer, outputOffset, sw);
+        outputOffset += 2;
+        if (sw != ISO7816.SW_NO_ERROR) {
+            return (short) (outputOffset - startOffset);
+        }
+
+        return (short) (outputOffset - startOffset);
+    }
+
+    /**
+     * Receives an FP or F2M elliptic curve parameters in the APDU.
+     * Then allocates a new keypair, sets said curve and tries ECDH, ECDSA.
+     * APDU format:
+     * byte CLA = CLA_SIMPLEECCAPPLET
+     * byte INS = INS_TESTECSUPPORT_EXTERNAL
+     * byte P0
+     * byte P1
+     * <p>
+     * CDATA:
+     * byte keyClass -> KeyPair.ALG_EC_FP or KeyPair.ALG_EC_F2\M
+     * short keyLength
+     * short fieldLength
+     * short aLength
+     * short bLength
+     * short gxLength
+     * short gyLength
+     * short rLength
+     * field -> FP: prime / F2M: three or one short representing the reduction polynomial
+     * a
+     * b
+     * gx
+     * gy
+     * r
+     * short k
+     * <p>
+     * Response APDU format:
+     * CDATA:
+     * byte ECTEST_SEPARATOR
+     * byte ECTEST_ALLOCATE_KEYPAIR
+     * short sw
+     * byte ECTEST_SET_EXTERNALCURVE
+     * short sw
+     * byte ECTEST_GENERATE_KEYPAIR_EXTERNALCURVE
+     * short sw
+     * byte ECTEST_ECDH_AGREEMENT_VALID_POINT
+     * short sw
+     * byte ECTEST_ECDH_AGREEMENT_INVALID_POINT
+     * short sw
+     * byte ECTEST_ECDSA_SIGNATURE
+     * short sw
+     *
+     * @param apdu
+     */
+    void TestEC_SupportExternal(APDU apdu) {
+        byte[] apdubuf = apdu.getBuffer();
+        short len = apdu.setIncomingAndReceive();
+
+        short offset = ISO7816.OFFSET_CDATA;
+        byte keyClass = apdubuf[offset];
+        ++offset;
+        short keyLength = Util.getShort(apdubuf, offset);
+        offset += 2;
+
+        short dataLength = TestECSupportExternalCurve(keyClass, keyLength, apdubuf, offset, (short) 0);
+
+        apdu.setOutgoingAndSend((short) 0, dataLength);
+    }
+
+
     void TestEC_FP_GenerateInvalidCurve(APDU apdu) {
         byte[] apdubuf = apdu.getBuffer();
         short len = apdu.setIncomingAndReceive();
diff --git a/src/simpleapdu/SimpleAPDU.java b/src/simpleapdu/SimpleAPDU.java
index 5baf9a6..7401509 100644
--- a/src/simpleapdu/SimpleAPDU.java
+++ b/src/simpleapdu/SimpleAPDU.java
@@ -168,6 +168,12 @@ public class SimpleAPDU {
             if (code == SimpleECCApplet.SW_INVALID_CORRUPTION_TYPE) {
                 codeStr = "SW_INVALID_CORRUPTION_TYPE";
             }
+            if (code == SimpleECCApplet.SW_SIG_LENGTH_MISMATCH) {
+                codeStr = "SW_SIG_LENGTH_MISMATCH";
+            }
+            if (code == SimpleECCApplet.SW_SIG_VERIFY_FAIL) {
+                codeStr = "SW_SIG_VERIFY_FAIL";
+            }
             return String.format("fail\t(%s,\t0x%4x)", codeStr, code);
         }
     }
-- 
cgit v1.2.3-70-g09d2