Add XDH and EdDSA

.github/workflows/build.yml

@@ -52,7 +52,7 @@ jobs:
 
     strategy:
       matrix:
-        java: [ "11", "17", "21" ]
+        java: [ "17", "21", "22" ]
     name: Build reader on Java ${{ matrix.java }}
     steps:
       - uses: actions/checkout@v4
@@ -88,7 +88,7 @@ jobs:
 
     strategy:
       matrix:
-        java: [ "11", "17", "21" ]
+        java: [ "17", "21", "22"]
     env:
       # ffs: https://github.com/adoptium/adoptium-support/issues/485 !!!
       # also, add the wolfcrypt JNI path

README.md

@@ -36,12 +36,15 @@ There are three parts of ECTester, the JavaCard applet used for testing, the rea
 standalone app which tests software libraries. The target platform for ECTester is Linux, but things should work on
 Windows as well, although testing of standalone libraries will be limited to Java libraries and Microsoft CNG library.
 
+The ECTester parts require different Java versions. Reader and standalone parts require Java >= 15 while the applet build
+will be able to target different JavaCard versions based on the Java version, see [this list](https://github.com/martinpaljak/ant-javacard/wiki/JavaCard-SDK-and-JDK-version-compatibility).
+
 To build ECTester simply do:
 ```bash
 git submodule update --init --recursive       # To initialize submodules (JavaCard SDKs, Microsoft CNG, BoringSSL, ...)
 ./gradlew :applet:buildJavaCard               # To build the applet (cap) -> "applet/build/javacard/applet[221,222,305].cap".
 ./gradlew :reader:uberJar                     # To build the reader tool (jar) -> "reader/build/libs/ECTesterReader.jar"
-./gradlew :standalone:libs                    # To build the native library shims. (Necessary
+./gradlew :standalone:libs                    # To build the native library shims.
 ./gradlew :standalone:uberJar                 # To build the standalone tool (jar) -> "standalone/build/libs/ECTesterStandalone.jar"
 ```
 The applet comes in several flavors, targeting JavaCard `2.2.1`, `2.2.2` and `3.0.5`. The `2.2.2` and later flavors

common/build.gradle.kts

@@ -23,5 +23,5 @@ dependencies {
 }
 
 java {
-    sourceCompatibility = JavaVersion.VERSION_11
+    sourceCompatibility = JavaVersion.VERSION_15
 }

common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java

@@ -2,20 +2,22 @@
 
 import cz.crcs.ectester.common.ec.*;
 import cz.crcs.ectester.data.EC_Store;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.signers.PlainDSAEncoding;
 import org.bouncycastle.crypto.signers.StandardDSAEncoding;
+import org.bouncycastle.jcajce.interfaces.EdDSAPrivateKey;
+import org.bouncycastle.jcajce.interfaces.EdDSAPublicKey;
+import org.bouncycastle.jcajce.interfaces.XDHPrivateKey;
+import org.bouncycastle.jcajce.interfaces.XDHPublicKey;
 
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.interfaces.ECKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
+import java.security.*;
+import java.security.interfaces.*;
 import java.security.spec.*;
 import java.util.LinkedList;
 import java.util.List;
@@ -456,6 +458,46 @@ public static ECKey loadKey(short params, String named, String file, AlgorithmPa
         return null;
     }
 
+    public static byte[] pubkeyToBytes(PublicKey pubkey) {
+        if (pubkey instanceof ECPublicKey) {
+            ECPublicKey ecPublicKey = (ECPublicKey) pubkey;
+            return ECUtil.toX962Uncompressed(ecPublicKey.getW(), ecPublicKey.getParams());
+        } else if (pubkey instanceof XECPublicKey) {
+            XECPublicKey xedPublicKey = (XECPublicKey) pubkey;
+            return xedPublicKey.getU().toByteArray();
+        } else if (pubkey instanceof EdECPublicKey) {
+            EdECPublicKey edECPublicKey = (EdECPublicKey) pubkey;
+            return edECPublicKey.getPoint().getY().toByteArray();
+        } else if (pubkey instanceof XDHPublicKey) {
+            XDHPublicKey xdhPublicKey = (XDHPublicKey) pubkey;
+            return xdhPublicKey.getU().toByteArray();
+            // Special-case BouncyCastle XDH
+        } else if (pubkey instanceof EdDSAPublicKey) {
+            EdDSAPublicKey edDSAPublicKey = (EdDSAPublicKey) pubkey;
+            // Special-case BouncyCastle EdDSA
+            return edDSAPublicKey.getPointEncoding();
+        }
+        return null;
+    }
+
+    public static byte[] privkeyToBytes(PrivateKey privkey) {
+        if (privkey instanceof ECPrivateKey) {
+            ECPrivateKey ecPrivateKey = (ECPrivateKey) privkey;
+            return ecPrivateKey.getS().toByteArray();
+        } else if (privkey instanceof XECPrivateKey) {
+            XECPrivateKey xecPrivateKey = (XECPrivateKey) privkey;
+            return xecPrivateKey.getScalar().get();
+        } else if (privkey instanceof EdECPrivateKey) {
+            EdECPrivateKey edECPrivateKey = (EdECPrivateKey) privkey;
+            return edECPrivateKey.getBytes().get();
+        } else if (privkey instanceof XDHPrivateKey || privkey instanceof EdDSAPrivateKey) {
+            // Special-case BouncyCastle XDH and EdDSA
+            PrivateKeyInfo xpkinfo = PrivateKeyInfo.getInstance(privkey.getEncoded());
+            return ASN1OctetString.getInstance(xpkinfo.getPrivateKey().getOctets()).getOctets();
+        }
+        return null;
+    }
+
     public static boolean equalKeyPairParameters(ECPrivateKey priv, ECPublicKey pub) {
         if (priv == null || pub == null) {
             return false;

reader/build.gradle.kts

@@ -23,7 +23,7 @@ dependencies {
 }
 
 java {
-    sourceCompatibility = JavaVersion.VERSION_11
+    sourceCompatibility = JavaVersion.VERSION_15
 }
 
 application {

standalone/build.gradle.kts

@@ -25,7 +25,7 @@ dependencies {
 }
 
 java {
-    sourceCompatibility = JavaVersion.VERSION_11
+    sourceCompatibility = JavaVersion.VERSION_15
 }
 
 application {

standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java

@@ -37,9 +37,6 @@
 import cz.crcs.ectester.standalone.consts.SignatureIdent;
 import cz.crcs.ectester.standalone.libs.*;
 import cz.crcs.ectester.standalone.output.FileTestWriter;
-import cz.crcs.ectester.standalone.output.TextTestWriter;
-import cz.crcs.ectester.standalone.output.XMLTestWriter;
-import cz.crcs.ectester.standalone.output.YAMLTestWriter;
 import cz.crcs.ectester.standalone.test.suites.*;
 import org.apache.commons.cli.*;
 
@@ -55,8 +52,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.*;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.*;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.ECGenParameterSpec;
 import java.security.spec.ECParameterSpec;
@@ -306,19 +302,19 @@ private void listLibraries() {
                 System.out.println(Colors.bold("\t\t- Supports native timing: ") + lib.getNativeTimingSupport().toString());
                 Set<KeyPairGeneratorIdent> kpgs = lib.getKPGs();
                 if (!kpgs.isEmpty()) {
-                    System.out.println(Colors.bold("\t\t- KeyPairGenerators: ") + kpgs.stream().map(KeyPairGeneratorIdent::getName).collect(Collectors.joining(", ")));
+                    System.out.println(Colors.bold("\t\t- KeyPairGenerators: ") + kpgs.stream().map(KeyPairGeneratorIdent::getName).sorted().collect(Collectors.joining(", ")));
                 }
                 Set<KeyAgreementIdent> eckas = lib.getKAs();
                 if (!eckas.isEmpty()) {
-                    System.out.println(Colors.bold("\t\t- KeyAgreements: ") + eckas.stream().map(KeyAgreementIdent::getName).collect(Collectors.joining(", ")));
+                    System.out.println(Colors.bold("\t\t- KeyAgreements: ") + eckas.stream().map(KeyAgreementIdent::getName).sorted().collect(Collectors.joining(", ")));
                 }
                 Set<SignatureIdent> sigs = lib.getSigs();
                 if (!sigs.isEmpty()) {
-                    System.out.println(Colors.bold("\t\t- Signatures: ") + sigs.stream().map(SignatureIdent::getName).collect(Collectors.joining(", ")));
+                    System.out.println(Colors.bold("\t\t- Signatures: ") + sigs.stream().map(SignatureIdent::getName).sorted().collect(Collectors.joining(", ")));
                 }
                 Set<String> curves = lib.getCurves();
                 if (!curves.isEmpty()) {
-                    System.out.println(Colors.bold("\t\t- Curves: ") + String.join(", ", curves));
+                    System.out.println(Colors.bold("\t\t- Curves: ") + curves.stream().sorted().collect(Collectors.joining(", ")));
                 }
                 System.out.println();
             }
@@ -458,8 +454,8 @@ private void ecdh() throws NoSuchAlgorithmException, InvalidAlgorithmParameterEx
             other = kpg.genKeyPair();
         }
 
-        ECPrivateKey privkey = (ECPrivateKey) ECUtil.loadKey(EC_Consts.PARAMETER_S, cli.getOptionValue("ecdh.named-private"), cli.getOptionValue("ecdh.private"), spec);
-        ECPublicKey pubkey = (ECPublicKey) ECUtil.loadKey(EC_Consts.PARAMETER_W, cli.getOptionValue("ecdh.named-public"), cli.getOptionValue("ecdh.public"), spec);
+        PrivateKey privkey = (ECPrivateKey) ECUtil.loadKey(EC_Consts.PARAMETER_S, cli.getOptionValue("ecdh.named-private"), cli.getOptionValue("ecdh.private"), spec);
+        PublicKey pubkey = (ECPublicKey) ECUtil.loadKey(EC_Consts.PARAMETER_W, cli.getOptionValue("ecdh.named-public"), cli.getOptionValue("ecdh.public"), spec);
 
         int amount = Integer.parseInt(cli.getOptionValue("ecdh.amount", "1"));
         for (int i = 0; i < amount || amount == 0; ++i) {
@@ -471,11 +467,11 @@ private void ecdh() throws NoSuchAlgorithmException, InvalidAlgorithmParameterEx
             }
 
             if (!cli.hasOption("ecdh.named-private") && !cli.hasOption("ecdh.private")) {
-                privkey = (ECPrivateKey) one.getPrivate();
+                privkey = one.getPrivate();
             }
 
             if (!cli.hasOption("ecdh.named-public") && !cli.hasOption("ecdh.public")) {
-                pubkey = (ECPublicKey) other.getPublic();
+                pubkey = other.getPublic();
             }
 
             long elapsed = -System.nanoTime();
@@ -501,8 +497,8 @@ private void ecdh() throws NoSuchAlgorithmException, InvalidAlgorithmParameterEx
             }
             ka = kaIdent.getInstance(lib.getProvider());
 
-            String pub = ByteUtil.bytesToHex(ECUtil.toX962Uncompressed(pubkey.getW(), pubkey.getParams()), false);
-            String priv = ByteUtil.bytesToHex(privkey.getS().toByteArray(), false);
+            String pub = ByteUtil.bytesToHex(ECUtil.pubkeyToBytes(pubkey), false);
+            String priv = ByteUtil.bytesToHex(ECUtil.privkeyToBytes(privkey), false);
             String dh = ByteUtil.bytesToHex(result, false);
             out.printf("%d;%d;%s;%s;%s%n", i, elapsed, pub, priv, dh);
         }
@@ -605,17 +601,17 @@ private void ecdsa() throws NoSuchAlgorithmException, InvalidAlgorithmParameterE
         String hashAlgoOut = sigIdent.getHashAlgo() != null ? String.format("[%s]", sigIdent.getHashAlgo()) : "";
         out.printf("index;signTime[%s];verifyTime[%s];data;pubW;privS;signature%s;nonce;verified%n", timeUnit, timeUnit, hashAlgoOut);
 
-        ECPrivateKey privkey = (ECPrivateKey) ECUtil.loadKey(EC_Consts.PARAMETER_S, cli.getOptionValue("ecdsa.named-private"), cli.getOptionValue("ecdsa.private"), spec);
-        ECPublicKey pubkey = (ECPublicKey) ECUtil.loadKey(EC_Consts.PARAMETER_W, cli.getOptionValue("ecdsa.named-public"), cli.getOptionValue("ecdsa.public"), spec);
+        PrivateKey privkey = (ECPrivateKey) ECUtil.loadKey(EC_Consts.PARAMETER_S, cli.getOptionValue("ecdsa.named-private"), cli.getOptionValue("ecdsa.private"), spec);
+        PublicKey pubkey = (ECPublicKey) ECUtil.loadKey(EC_Consts.PARAMETER_W, cli.getOptionValue("ecdsa.named-public"), cli.getOptionValue("ecdsa.public"), spec);
 
         KeyPair one;
         if (cli.hasOption("ecdsa.fixed")) {
             one = kpg.genKeyPair();
             if (!cli.hasOption("ecdsa.named-private")) {
-                privkey = (ECPrivateKey) one.getPrivate();
+                privkey = one.getPrivate();
             }
             if (!cli.hasOption("ecdsa.named-public")) {
-                pubkey = (ECPublicKey) one.getPublic();
+                pubkey = one.getPublic();
             }
         }
 
@@ -626,10 +622,10 @@ private void ecdsa() throws NoSuchAlgorithmException, InvalidAlgorithmParameterE
                 one = kpg.genKeyPair();
 
                 if (!cli.hasOption("ecdsa.named-private")) {
-                    privkey = (ECPrivateKey) one.getPrivate();
+                    privkey = one.getPrivate();
                 }
                 if (!cli.hasOption("ecdsa.named-public")) {
-                    pubkey = (ECPublicKey) one.getPublic();
+                    pubkey = one.getPublic();
                 }
             }
 
@@ -653,27 +649,31 @@ private void ecdsa() throws NoSuchAlgorithmException, InvalidAlgorithmParameterE
                 verifyTime = lib.getLastNativeTiming();
             }
 
-            String pub = ByteUtil.bytesToHex(ECUtil.toX962Uncompressed(pubkey.getW(), pubkey.getParams()), false);
-            String priv = ByteUtil.bytesToHex(privkey.getS().toByteArray(), false);
+            String pub = ByteUtil.bytesToHex(ECUtil.pubkeyToBytes(pubkey), false);
+            String priv = ByteUtil.bytesToHex(ECUtil.privkeyToBytes(privkey), false);
             String sign = ByteUtil.bytesToHex(signature, false);
             String k = "";
-            ECParameterSpec kSpec = spec;
-            if (kSpec == null) {
-                kSpec = privkey.getParams();
-            }
-            if (kSpec != null) {
-                // Parse the types out of SignatureIdent.
-                String hashAlgo = sigIdent.getHashAlgo();
-                String sigType = sigIdent.getSigType();
-                if (sigType == null) {
-                    sigType = sigIdent.toString();
+            if (privkey instanceof ECPrivateKey) {
+                ECPrivateKey ecPrivateKey = (ECPrivateKey) privkey;
+                ECParameterSpec kSpec = spec;
+                if (kSpec == null) {
+                    kSpec = ecPrivateKey.getParams();
                 }
+                if (kSpec != null) {
+                    // Parse the types out of SignatureIdent.
+                    String hashAlgo = sigIdent.getHashAlgo();
+                    String sigType = sigIdent.getSigType();
+                    if (sigType == null) {
+                        sigType = sigIdent.toString();
+                    }
 
-                BigInteger kValue = ECUtil.recoverSignatureNonce(signature, data, privkey.getS(), kSpec, hashAlgo, sigType);
-                if (kValue != null) {
-                    k = ByteUtil.bytesToHex(kValue.toByteArray(), false);
+                    BigInteger kValue = ECUtil.recoverSignatureNonce(signature, data, ecPrivateKey.getS(), kSpec, hashAlgo, sigType);
+                    if (kValue != null) {
+                        k = ByteUtil.bytesToHex(kValue.toByteArray(), false);
+                    }
                 }
             }
+
             out.printf("%d;%d;%d;%s;%s;%s;%s;%s;%d%n", i, signTime, verifyTime, dataString, pub, priv, sign, k, verified ? 1 : 0);
         }
 
@@ -744,11 +744,17 @@ private void generate() throws NoSuchAlgorithmException, InvalidAlgorithmParamet
             if (!lib.getNativeTimingSupport().isEmpty()) {
                 elapsed = lib.getLastNativeTiming();
             }
-            ECPublicKey publicKey = (ECPublicKey) kp.getPublic();
-            ECPrivateKey privateKey = (ECPrivateKey) kp.getPrivate();
-
-            String pub = ByteUtil.bytesToHex(ECUtil.toX962Uncompressed(publicKey.getW(), publicKey.getParams()), false);
-            String priv = ByteUtil.bytesToHex(privateKey.getS().toByteArray(), false);
+            PublicKey pubkey = kp.getPublic();
+            PrivateKey privkey = kp.getPrivate();
+            byte[] pubBytes = ECUtil.pubkeyToBytes(pubkey);
+            byte[] privBytes = ECUtil.privkeyToBytes(privkey);
+            String pub = ByteUtil.bytesToHex(pubBytes, false);
+            String priv = ByteUtil.bytesToHex(privBytes, false);
+            if (pubBytes == null || privBytes == null) {
+                System.err.println(pubkey.getClass().getCanonicalName());
+                System.err.println(privkey.getClass().getCanonicalName());
+                break;
+            }
             out.printf("%d;%d;%s;%s%n", i, elapsed, pub, priv);
         }
 
@@ -763,7 +769,6 @@ private void generate() throws NoSuchAlgorithmException, InvalidAlgorithmParamet
     private void test() throws TestException, ParserConfigurationException, FileNotFoundException {
         TestWriter writer = new FileTestWriter(cli.getOptionValue("test.format", "text"), !cli.hasOption("test.quiet"), cli.getOptionValues("test.output"));
         StandaloneTestSuite suite;
-
         switch (cli.getArg(0).toLowerCase()) {
             case "test-vectors":
                 suite = new StandaloneTestVectorSuite(writer, cfg, cli);
@@ -798,9 +803,9 @@ private void test() throws TestException, ParserConfigurationException, FileNotF
             case "performance":
                 suite = new StandalonePerformanceSuite(writer, cfg, cli);
                 break;
-            case "default":
             default:
                 suite = new StandaloneDefaultSuite(writer, cfg, cli);
+                break;
         }
 
         suite.run();