Merge branch 'devel'

.gitignore

@@ -24,6 +24,7 @@
 /dist/*.degenerate
 /dist/*.edge-cases
 /dist/*.xml
+/dist/*.yml
 
 # Built binaries in /src.
 /src/**/*.a
@@ -34,3 +35,6 @@
 /src/**/*.exp
 /src/**/*.lib
 /src/**/*.pdb
+
+# Python stuff
+/util/__pycache__/

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2016-2018
+Copyright (c) 2016-2019
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -53,18 +53,18 @@ See `java -jar ECTesterReader.jar -h`, `java -jar ECTesterReader.jar -ls` and [D
  -t,--test <test_suite[:from[:to]]>   Test ECC support. Optionally specify
                                       a test number to run only a part of
                                       a test suite. <test_suite>:
-                                      - default:
-                                      - compression:
-                                      - invalid:
-                                      - twist:
-                                      - degenerate:
-                                      - cofactor:
-                                      - wrong:
-                                      - signature:
-                                      - composite:
-                                      - test-vectors:
-                                      - edge-cases:
-                                      - miscellaneous:
+                                      - default
+                                      - compression
+                                      - invalid
+                                      - twist
+                                      - degenerate
+                                      - cofactor
+                                      - wrong
+                                      - signature
+                                      - composite
+                                      - test-vectors
+                                      - edge-cases
+                                      - miscellaneous
  -dh,--ecdh <count>                   Do EC KeyAgreement (ECDH...),
                                       [count] times.
  -dsa,--ecdsa <count>                 Sign data with ECDSA, [count] times.
@@ -109,12 +109,21 @@ See `java -jar ECTesterReader.jar -h`, `java -jar ECTesterReader.jar -ls` and [D
                                       running command in dry run mode and
                                       normal mode, and subtracting the
                                       two.
+    --time-unit <unit>                Use given time unit in measurement,
+                                      one of: milli, micro, nano.
     --cleanup                         Send the cleanup command trigerring
                                       JCSystem.requestObjectDeletion()
                                       after some operations.
  -s,--simulate                        Simulate a card with jcardsim
                                       instead of using a terminal.
  -y,--yes                             Accept all warnings and prompts.
+ -to,--test-options <options>         Test options to use:
+                                      - preset: Use preset semi-random
+                                      private keys (derived from curve)
+                                      instead of generating keypairs on
+                                      the cards when the test needs one.
+                                      - random: Use fully random private
+                                      keys instead of generating keypairs.
  -ka,--ka-type <type>                 Set KeyAgreement object [type],
                                       corresponds to JC.KeyAgreement
                                       constants.
@@ -198,7 +207,8 @@ Lists the implemented test suites and gives their short description.
 Get and print ECTester applet info from an applet installed on a card.
 
 Outputs:
-
+ - Card ATR
+ - Negotiated protocol (T=0/T=1)
  - ECTester applet version
  - ECTester APDU support (basic/extended APDU)
  - JavaCard API version

build-applet.xml

@@ -16,13 +16,13 @@
 
 	<!-- applet properties -->
 	<property name="pkg_aid" value="4543546573746572"/>
-	<property name="applet_aid" value="45435465737465723031"/>
+	<property name="applet_aid_221" value="454354657374657230333262"/> <!--// VERSION v0.3.2 -->
+	<property name="applet_aid_222" value="454354657374657230333278"/> <!--// VERSION v0.3.2 -->
 	<property name="cap_221" value="ectester221.cap"/>
 	<property name="cap_222" value="ectester222.cap"/>
 	<property name="cap" value="${cap_222}"/>
 
 
-
 	<condition property="cap_extended">
 		<equals arg1="${cap}" arg2="${cap_222}"/>
 	</condition>
@@ -42,16 +42,16 @@
 
 	<target name="build-221" description="Builds the CAP file for JavaCard 2.2.1." unless="cap_extended">
 		<javacard jckit="${JC221}">
-			<cap output="applet/ectester221.cap" sources="src/cz/crcs/ectester/applet" aid="${pkg_aid}" excludes="ECTesterAppletExtended.*">
-				<applet class="cz.crcs.ectester.applet.ECTesterApplet" aid="${applet_aid}"/>
+			<cap verify="false" output="applet/ectester221.cap" sources="src/cz/crcs/ectester/applet" aid="${pkg_aid}" excludes="ECTesterAppletExtended.*">
+				<applet class="cz.crcs.ectester.applet.ECTesterApplet" aid="${applet_aid_221}"/>
 			</cap>
 		</javacard>
 	</target>
 
 	<target name="build-222" description="Builds the CAP file for JavaCard 2.2.2." if="cap_extended">
 		<javacard jckit="${JC222}">
 			<cap output="applet/ectester222.cap" sources="src/cz/crcs/ectester/applet" aid="${pkg_aid}" excludes="ECTesterApplet.*">
-				<applet class="cz.crcs.ectester.applet.ECTesterAppletExtended" aid="${applet_aid}"/>
+				<applet class="cz.crcs.ectester.applet.ECTesterAppletExtended" aid="${applet_aid_222}"/>
 			</cap>
 		</javacard>
 	</target>

build.xml

@@ -10,6 +10,9 @@
         <ant antfile="build-reader.xml" target="package"/>
         <ant antfile="build-standalone.xml" target="package"/>
     </target>
+    <target name="upload">
+    	<ant antfile="build-applet.xml" target="upload"/>
+    </target>
     <target name="clean">
         <ant antfile="build-applet.xml" target="clean"/>
         <ant antfile="build-reader.xml" target="clean"/>

docs/LIBS.md

@@ -1,6 +1,6 @@
 # Libraries with ECC support
 
-Popular libraries with at least some ECC support:
+Popular libraries with at least some ECC support, that ECTester does not yet support:
 
  - [NSS](https://hg.mozilla.org/projects/nss)
  - [mbedTLS](https://tls.mbed.org/)
@@ -55,8 +55,11 @@ Libraries that ECTester can test.
         - Uses Lopez-Dahab (Montgomery) ladder, XZ coordinates (ec2_mont.c): Fast multiplication on elliptic curves over GF(2^m) without precomputation (Algorithm 2P)
         - Contains an implementation of IEEE P1363 algorithm A.10.3 using affine coordinates (ec2_aff.c)
     - Has some custom arithmetic for some of the NIST primes.
- - [WolfCrypt](https://www.wolfssl.com)
+ - [WolfCrypt(WolfSSL)](https://www.wolfssl.com)
     - C + Java
+    - Prime field curves only.
+    - Jacobian coordinates:
+        - Uses sliding window scalar multiplication, (discards `b` parameter of curve), but validates points.
  - [OpenSSL](https://www.openssl.org/)
     - C
     - For prime field curves:

src/cz/crcs/ectester/applet/AppletBase.java

@@ -3,6 +3,13 @@
 import javacard.framework.*;
 import javacard.security.*;
 
+/**
+ * Applet base class, that handles instructions, given
+ * either basic or extended length APDUs.
+ *
+ * @author Petr Svenda petr@svenda.com
+ * @author Jan Jancar johny@neuromancer.sk
+ */
 public abstract class AppletBase extends Applet {
 
     // MAIN INSTRUCTION CLASS
@@ -25,6 +32,8 @@ public abstract class AppletBase extends Applet {
     public static final byte INS_ALLOCATE_SIG = (byte) 0x77;
     public static final byte INS_GET_INFO = (byte) 0x78;
     public static final byte INS_SET_DRY_RUN_MODE = (byte) 0x79;
+    public static final byte INS_BUFFER = (byte) 0x7a;
+    public static final byte INS_PERFORM = (byte) 0x7b;
 
     // PARAMETERS for P1 and P2
     public static final byte KEYPAIR_LOCAL = (byte) 0x01;
@@ -42,6 +51,7 @@ public abstract class AppletBase extends Applet {
     public static final short SW_KA_NULL = (short) 0x0ee4;
     public static final short SW_SIGNATURE_NULL = (short) 0x0ee5;
     public static final short SW_OBJECT_NULL = (short) 0x0ee6;
+    public static final short SW_CANNOT_FIT = (short) 0x0ee7;
     public static final short SW_Exception = (short) 0xff01;
     public static final short SW_ArrayIndexOutOfBoundsException = (short) 0xff02;
     public static final short SW_ArithmeticException = (short) 0xff03;
@@ -58,6 +68,10 @@ public abstract class AppletBase extends Applet {
     public static final short BASE_221 = (short) 0x0221;
     public static final short BASE_222 = (short) 0x0222;
 
+    //
+    public static final short CDATA_BASIC = (short) 5;
+    public static final short CDATA_EXTENDED = (short) 7;
+
     //
     public static final byte[] VERSION = {'v', '0', '.', '3', '.', '2'};
 
@@ -68,6 +82,8 @@ public abstract class AppletBase extends Applet {
     byte[] ramArray = null;
     byte[] ramArray2 = null;
     byte[] apduArray = null;
+    short apduEnd = 0;
+    short cdata = 0;
 
     RandomData randomData = null;
 
@@ -87,10 +103,13 @@ protected AppletBase(byte[] buffer, short offset, byte length) {
             // go to proprietary data
             dataOffset++;
             */
+            short resetMemory = JCSystem.getAvailableMemory(JCSystem.MEMORY_TYPE_TRANSIENT_RESET);
+            short deselectMemory = JCSystem.getAvailableMemory(JCSystem.MEMORY_TYPE_TRANSIENT_DESELECT);
+            byte memoryType = (resetMemory >= deselectMemory) ? JCSystem.CLEAR_ON_RESET : JCSystem.CLEAR_ON_DESELECT;
 
-            ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
-            ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
-            apduArray = JCSystem.makeTransientByteArray(APDU_MAX_LENGTH, JCSystem.CLEAR_ON_RESET);
+            ramArray = JCSystem.makeTransientByteArray(ARRAY_LENGTH, memoryType);
+            ramArray2 = JCSystem.makeTransientByteArray(ARRAY_LENGTH, memoryType);
+            apduArray = JCSystem.makeTransientByteArray(APDU_MAX_LENGTH, memoryType);
 
             randomData = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
             EC_Consts.randomData = randomData;
@@ -113,7 +132,27 @@ public void process(APDU apdu) throws ISOException {
 
         if (cla == CLA_ECTESTERAPPLET) {
             try {
-                readAPDU(apdu, apduArray, APDU_MAX_LENGTH);
+                if (ins == INS_BUFFER) {
+                    short read = readAPDU(apdu, true);
+                    if (read == -1) {
+                        ISOException.throwIt(SW_CANNOT_FIT);
+                        return;
+                    }
+                    apduEnd += read;
+                    apdu.setOutgoingAndSend((short) 0, (short) 0);
+                    return;
+                } else {
+                    apduEnd = 0;
+                    if (ins == INS_PERFORM) {
+                        ins = apduArray[ISO7816.OFFSET_INS];
+                        apdu.setIncomingAndReceive();
+                    } else {
+                        if (readAPDU(apdu, false) == -1) {
+                            ISOException.throwIt(SW_CANNOT_FIT);
+                            return;
+                        }
+                    }
+                }
 
                 short length = 0;
                 switch (ins) {
@@ -201,22 +240,40 @@ public void process(APDU apdu) throws ISOException {
         } else ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
     }
 
-    private void readAPDU(APDU apdu, byte[] buffer, short length) {
+    private short readAPDU(APDU apdu, boolean skipHeader) {
+        byte[] apduBuffer = apdu.getBuffer();
+
+        /* How much stuff is in apduBuffer */
         short read = apdu.setIncomingAndReceive();
-        read += getOffsetCdata(apdu);
-        short total = getIncomingLength(apdu);
-        if (total > length) {
-            return;
+        short cdataOffset = getOffsetCdata(apdu);
+        read += cdataOffset;
+
+        /* Where to start reading from? */
+        short offset = 0;
+        if (skipHeader) {
+            offset = cdataOffset;
+            cdata = CDATA_EXTENDED;
+        } else {
+            cdata = CDATA_BASIC;
         }
 
-        byte[] apduBuffer = apdu.getBuffer();
-        short sum = 0;
+        /* How much stuff was really sent in this APDU? */
+        short total = (short) (getIncomingLength(apdu) + cdataOffset);
+        short todo = (short) (total - offset);
+        /* Can we fit? */
+        if (todo > (short) (apduArray.length - apduEnd)) {
+            return -1;
+        }
 
-        do {
-            Util.arrayCopyNonAtomic(apduBuffer, (short) 0, buffer, sum, read);
-            sum += read;
+        /* How much stuff was copied over. */
+        short written = 0;
+        while (written < todo) {
+            Util.arrayCopyNonAtomic(apduBuffer, offset, apduArray, (short) (apduEnd + written), (short) (read - offset));
+            written += (short) (read - offset);
+            offset = 0;
             read = apdu.receiveBytes((short) 0);
-        } while (sum < total);
+        }
+        return written;
     }
 
     abstract short getOffsetCdata(APDU apdu);
@@ -232,7 +289,6 @@ private void readAPDU(APDU apdu, byte[] buffer, short length) {
      * @return length of response
      */
     private short insAllocateKA(APDU apdu) {
-        short cdata = getOffsetCdata(apdu);
         byte kaType = apduArray[cdata];
         short sw = keyTester.allocateKA(kaType);
         Util.setShort(apdu.getBuffer(), (short) 0, sw);
@@ -246,7 +302,6 @@ private short insAllocateKA(APDU apdu) {
      * @return length of response
      */
     private short insAllocateSig(APDU apdu) {
-        short cdata = getOffsetCdata(apdu);
         byte sigType = apduArray[cdata];
         short sw = keyTester.allocateSig(sigType);
         Util.setShort(apdu.getBuffer(), (short) 0, sw);
@@ -265,7 +320,6 @@ private short insAllocateSig(APDU apdu) {
      */
     private short insAllocate(APDU apdu) {
         byte keyPair = apduArray[ISO7816.OFFSET_P1];
-        short cdata = getOffsetCdata(apdu);
         short keyLength = Util.getShort(apduArray, cdata);
         byte keyClass = apduArray[(short) (cdata + 2)];
 
@@ -311,7 +365,6 @@ private short insClear(APDU apdu) {
     private short insSet(APDU apdu) {
         byte keyPair = apduArray[ISO7816.OFFSET_P1];
         byte curve = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
         short params = Util.getShort(apduArray, cdata);
 
         short len = 0;
@@ -339,7 +392,6 @@ private short insSet(APDU apdu) {
     private short insTransform(APDU apdu) {
         byte keyPair = apduArray[ISO7816.OFFSET_P1];
         byte key = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
         short params = Util.getShort(apduArray, cdata);
         short transformation = Util.getShort(apduArray, (short) (cdata + 2));
 
@@ -388,7 +440,6 @@ private short insGenerate(APDU apdu) {
     private short insExport(APDU apdu) {
         byte keyPair = apduArray[ISO7816.OFFSET_P1];
         byte key = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
         short params = Util.getShort(apduArray, cdata);
 
         short swOffset = 0;
@@ -419,7 +470,6 @@ private short insExport(APDU apdu) {
     private short insECDH(APDU apdu) {
         byte pubkey = apduArray[ISO7816.OFFSET_P1];
         byte privkey = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
         byte export = apduArray[cdata];
         short transformation = Util.getShort(apduArray, (short) (cdata + 1));
         byte type = apduArray[(short) (cdata + 3)];
@@ -441,7 +491,6 @@ private short insECDH(APDU apdu) {
     private short insECDH_direct(APDU apdu) {
         byte privkey = apduArray[ISO7816.OFFSET_P1];
         byte export = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
         short transformation = Util.getShort(apduArray, cdata);
         byte type = apduArray[(short) (cdata + 2)];
         short length = Util.getShort(apduArray, (short) (cdata + 3));
@@ -463,7 +512,6 @@ private short insECDH_direct(APDU apdu) {
     private short insECDSA(APDU apdu) {
         byte keyPair = apduArray[ISO7816.OFFSET_P1];
         byte export = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
         byte sigType = apduArray[cdata];
 
         short len = 0;
@@ -488,7 +536,6 @@ private short insECDSA(APDU apdu) {
     private short insECDSA_sign(APDU apdu) {
         byte keyPair = apduArray[ISO7816.OFFSET_P1];
         byte export = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
         byte sigType = apduArray[cdata];
 
         short len = 0;
@@ -513,7 +560,6 @@ private short insECDSA_sign(APDU apdu) {
     private short insECDSA_verify(APDU apdu) {
         byte keyPair = apduArray[ISO7816.OFFSET_P1];
         byte sigType = apduArray[ISO7816.OFFSET_P2];
-        short cdata = getOffsetCdata(apdu);
 
         short len = 0;
         if ((keyPair & KEYPAIR_LOCAL) != 0) {