crocs-muni / ECTester

Tests support and behavior of elliptic curve cryptography implementations on JavaCards (TYPE_EC_FP and TYPE_EC_F2M) and in selected software libraries.
https://crocs-muni.github.io/ECTester
MIT License

Fix wolfSSL/wolfCrypt key generation #30

Open quapka opened 1 month ago

quapka commented 1 month ago

WolfSSL complains about keysize, which affects the tests. This does not show immediately in the GitHub Actions, because the exit code of the test itself is 0, e.g. here.

However, the output of the test-case is this (see default_wolfCrypt.txt file in this artefact):

═══ Running test suite: default ═══
═══ The default test suite run basic support of ECDH and ECDSA.
═══ Supports options:
═══      - gt/kpg-type
═══      - kt/ka-type
═══      - st/sig-type
═══      - key-type
═══ Date: 2024.07.23 08:30:22
═══ ECTester version: v0.3.3
═══ Library: wolfCrypt (wolfJCE)
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (0) KeyPairGenerator EC on                                                                          ┃ ERROR     ┃ [2/2] GenKeyPair   -> java.lang.RuntimeException : Keysize is 0, please set before generating key ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (1) KeyPairGenerator EC on                                                                          ┃ ERROR     ┃ [2/2] GenKeyPair   -> java.lang.RuntimeException : Keysize is 0, please set before generating key ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (2) KeyAgreement ECDH                                                                               ┃ ERROR     ┃ [1/5] GetPrivate   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (3) Signature SHA1withECDSA                                                                         ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (4) Signature SHA384withECDSA                                                                       ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (5) Signature SHA512withECDSA                                                                       ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (6) Signature SHA256withECDSA                                                                       ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.

J08nY commented 1 month ago

It took me some time but I figured out this is the source of the first exception: https://github.com/wolfSSL/wolfcrypt-jni/blob/5ce2d0ea9a9e54efa204ae7b1a725db9f6543b9a/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyPairGenerator.java#L295

ECTester expects that the provider will choose some default parameters/keysize when the KeyPairGenerator is not provided with them, but wolfCrypt does not do that and instead raises an exception.

J08nY commented 1 month ago

Other issues of the sort "com.wolfssl.wolfcrypt.WolfCryptException : ASN parsing error, invalid input" are due to the wolfCrypt provider expecting keys in ASN.1 DER format (as it internally uses the wc_EccPublicKeyDecode function) while ECTester (and the rest of the Java providers/the world) uses the ANSI X9.62 format.
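
The two mismatches described in the comments above (no default key size, and X9.62 versus DER key encoding) can be probed with the standard JCA API. This is an added example, not code from ECTester or wolfcrypt-jni; the class name `EcProviderProbe`, the helper names and the fallback curve `secp256r1` are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public class EcProviderProbe {
    // Assumed fallback curve for this example; the page does not name one.
    static final String FALLBACK_CURVE = "secp256r1";

    /** Try the provider's defaults first; initialize explicitly if it has none. */
    static KeyPair generate(KeyPairGenerator kpg) throws GeneralSecurityException {
        try {
            return kpg.generateKeyPair();
        } catch (RuntimeException noDefault) {
            // The "Keysize is 0, please set before generating key" case from the output above
            kpg.initialize(new ECGenParameterSpec(FALLBACK_CURVE));
            return kpg.generateKeyPair();
        }
    }

    /** Right-align an unsigned big-endian integer in exactly len bytes. */
    static byte[] fixed(BigInteger v, int len) {
        byte[] raw = v.toByteArray(), out = new byte[len];
        int n = Math.min(raw.length, len); // drops a sign byte, pads short values
        System.arraycopy(raw, raw.length - n, out, len - n, n);
        return out;
    }

    /** ANSI X9.62 uncompressed point: 0x04 || X || Y. */
    static byte[] x962(ECPublicKey pub) {
        int len = (pub.getParams().getCurve().getField().getFieldSize() + 7) / 8;
        byte[] out = new byte[1 + 2 * len];
        out[0] = 0x04;
        System.arraycopy(fixed(pub.getW().getAffineX(), len), 0, out, 1, len);
        System.arraycopy(fixed(pub.getW().getAffineY(), len), 0, out, 1 + len, len);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Default JDK provider unless a provider name is given as the first argument
        KeyPairGenerator kpg = args.length > 0
                ? KeyPairGenerator.getInstance("EC", args[0]) : KeyPairGenerator.getInstance("EC");
        ECPublicKey pub = (ECPublicKey) generate(kpg).getPublic();
        byte[] point = x962(pub), der = pub.getEncoded(); // der: X.509 SubjectPublicKeyInfo
        byte[] tail = Arrays.copyOfRange(der, der.length - point.length, der.length);
        System.out.printf("X9.62 point: %d bytes, DER: %d bytes, DER ends with point: %b%n",
                point.length, der.length, Arrays.equals(tail, point));
    }
}
```

With the JDK's own EC provider the DER structure wraps the same uncompressed point in an ASN.1 header, so a decoder that expects one form rejects the other even though the key material is identical.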