javacard.security.ECPrivateKey Java Examples

public boolean unwrap(byte[] keyHandle, short keyHandleOffset, short keyHandleLength, byte[] applicationParameter, short applicationParameterOffset, ECPrivateKey unwrappedPrivateKey) {
	
	calcMAC(applicationParameter, applicationParameterOffset, keyHandle, keyHandleOffset);
	
	//Compare MAC
	if (Util.arrayCompare(scratch, (short) 0, keyHandle, (short)(keyHandleOffset+32), (short)32)!=0) {
		return false;
	}
	
	//only get key if signing is required
    if (unwrappedPrivateKey != null) {

    	//Regenerate PrivKey 
    	generatePrivateKey(applicationParameter, applicationParameterOffset, keyHandle, keyHandleOffset);
    	
        unwrappedPrivateKey.setS(scratch, (short)0, (short)32);
    }
    Util.arrayFillNonAtomic(scratch, (short)0, (short)32, (byte)0x00);
    return true;
}
 

/**
 * Creates new curve object from provided parameters. Either copy of provided
 * arrays is performed (bCopyArgs == true, input arrays can be reused later for other
 * purposes) or arguments are directly stored (bCopyArgs == false, usable for fixed static arrays) .
 * @param bCopyArgs if true, copy of arguments is created, otherwise reference is directly stored
 * @param p_arr array with p
 * @param a_arr array with a
 * @param b_arr array with b
 * @param G_arr array with base point G
 * @param r_arr array with r
 */
public ECCurve(boolean bCopyArgs, byte[] p_arr, byte[] a_arr, byte[] b_arr, byte[] G_arr, byte[] r_arr) {
    //ECCurve_initialize(p_arr, a_arr, b_arr, G_arr, r_arr);
    this.KEY_LENGTH = (short) (p_arr.length * 8);
    this.POINT_SIZE = (short) G_arr.length;
    this.COORD_SIZE = (short) ((short) (G_arr.length - 1) / 2);

    if (bCopyArgs) {
        // Copy curve parameters into newly allocated arrays in EEPROM (will be only read, not written later => good performance even when in EEPROM)
        this.p = new byte[(short) p_arr.length];
        this.a = new byte[(short) a_arr.length];
        this.b = new byte[(short) b_arr.length];
        this.G = new byte[(short) G_arr.length];
        this.r = new byte[(short) r_arr.length];

        Util.arrayCopyNonAtomic(p_arr, (short) 0, p, (short) 0, (short) p.length);
        Util.arrayCopyNonAtomic(a_arr, (short) 0, a, (short) 0, (short) a.length);
        Util.arrayCopyNonAtomic(b_arr, (short) 0, b, (short) 0, (short) b.length);
        Util.arrayCopyNonAtomic(G_arr, (short) 0, G, (short) 0, (short) G.length);
        Util.arrayCopyNonAtomic(r_arr, (short) 0, r, (short) 0, (short) r.length);
    }
    else {
        // No allocation, store directly provided arrays 
        this.p = p_arr;
        this.a = a_arr;
        this.b = b_arr;
        this.G = G_arr;
        this.r = r_arr;
    }

    // We will not modify values of p/a/b during the lifetime of curve => allocate helper bignats directly from the array
    // Additionally, these Bignats will be only read from so Bignat_Helper can be null (saving need to pass as argument to ECCurve)
    this.pBN = new Bignat(this.p, null);
    this.aBN = new Bignat(this.a, null);
    this.bBN = new Bignat(this.b, null);

    this.disposable_pair = this.newKeyPair(null);
    this.disposable_priv = (ECPrivateKey) this.disposable_pair.getPrivate();
}
 

private static void handleAirgapKeyAgreement(APDU apdu) throws ISOException {
    short offset = (short)0;
    byte[] buffer = apdu.getBuffer();
    apdu.setIncomingAndReceive();
    checkAirgapPersonalizationAvailable();
    if (buffer[ISO7816.OFFSET_P1] == P1_INITIATE_PAIRING) {
        if (buffer[ISO7816.OFFSET_LC] != (byte)65) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        pairingDone = false;
        Crypto.keyPair.genKeyPair();
        Crypto.keyAgreement.init((ECPrivateKey)Crypto.keyPair.getPrivate());
        Crypto.keyAgreement.generateSecret(buffer, ISO7816.OFFSET_CDATA, (short)65, scratch256, (short)0);
        pairingKey.setKey(scratch256, (short)0);
        ((ECPublicKey)Crypto.keyPair.getPublic()).getW(buffer, offset);
        offset += (short)65;
        Crypto.signature.init(attestationPrivate, Signature.MODE_SIGN);
        Crypto.signature.sign(buffer, (short)0, (short)65, buffer, offset);
        offset += (short)(buffer[(short)(offset + 1)] + 2);
        apdu.setOutgoingAndSend((short)0, offset);
    }
    else
    if (buffer[ISO7816.OFFSET_P1] == P1_CONFIRM_PAIRING) {
        if (buffer[ISO7816.OFFSET_LC] != (byte)32) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        Crypto.initCipherAES(pairingKey, false);
        Crypto.blobEncryptDecryptAES.doFinal(buffer, ISO7816.OFFSET_CDATA, (short)32, scratch256, (short)0);
        pairingKey.setKey(scratch256, (short)0);
        pairingDone = true;
    }
    else {
        ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
    }
}
 

public LedgerWalletApplet(byte[] parameters, short parametersOffset, byte parametersLength) {
    BCDUtils.init();
    TC.init();
    Crypto.init();
    Transaction.init();
    Bip32Cache.init();
    Keycard.init();
    limits = new byte[LIMIT_LAST];
    scratch256 = JCSystem.makeTransientByteArray((short)256, JCSystem.CLEAR_ON_DESELECT);
    transactionPin = new OwnerPIN(TRANSACTION_PIN_ATTEMPTS, TRANSACTION_PIN_SIZE);
    walletPin = new OwnerPIN(WALLET_PIN_ATTEMPTS, WALLET_PIN_SIZE);
    secondaryPin = new OwnerPIN(SECONDARY_PIN_ATTEMPTS, SECONDARY_PIN_SIZE);
    masterDerived = new byte[64];
    chipKey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
    trustedInputKey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
    developerKey = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
    try {
        pairingKey = (AESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false);
    }
    catch(Exception e) {
    }
    reset();
    if (parametersLength != 0) {
        attestationPrivate = (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_256, false);
        attestationPublic = new byte[65];
        Secp256k1.setCommonCurveParameters(attestationPrivate);
        attestationPrivate.setS(parameters, parametersOffset, (short)32);
        parametersOffset += (short)32;
        attestationSignature = new byte[parameters[(short)(parametersOffset + 1)] + 2];
        Util.arrayCopy(parameters, parametersOffset, attestationSignature, (short)0, (short)attestationSignature.length);
    }
}
 

public FIDOCCImplementation() {
	
	random = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
	
    scratch = JCSystem.makeTransientByteArray((short)128, JCSystem.CLEAR_ON_DESELECT);
    //seed = new byte[64];
    
    keyPair = new KeyPair(
        (ECPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_256, false),
        (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_256, false));
    Secp256r1.setCommonCurveParameters((ECKey)keyPair.getPrivate());
    Secp256r1.setCommonCurveParameters((ECKey)keyPair.getPublic());
            
    // Initialize the unique seed for DRNG function 
    //random.generateData(seed, (short)0, (short)64);
    
    // Initialize the unique seed for DRNG function       
    drngSeed1 = (AESKey)KeyBuilderX.buildKey(KeyBuilderX.TYPE_AES_STATIC, KeyBuilder.LENGTH_AES_256, false);
    drngSeed2 = (AESKey)KeyBuilderX.buildKey(KeyBuilderX.TYPE_AES_STATIC, KeyBuilder.LENGTH_AES_256, false);
    random.generateData(scratch, (short)0, (short)32);
    drngSeed1.setKey(scratch, (short)0);
    random.generateData(scratch, (short)0, (short)32);
    drngSeed2.setKey(scratch, (short)0);
 
    sha256 = MessageDigest.getInstance(MessageDigest.ALG_SHA_256, false);
            
    // Initialize the unique keys for MAC function
    macKey1 = (AESKey)KeyBuilderX.buildKey(KeyBuilderX.TYPE_AES_STATIC, KeyBuilder.LENGTH_AES_128, false);
    macKey2 = (AESKey)KeyBuilderX.buildKey(KeyBuilderX.TYPE_AES_STATIC, KeyBuilder.LENGTH_AES_128, false);
    random.generateData(scratch, (short)0, (short)16);
    macKey1.setKey(scratch, (short)0);
    random.generateData(scratch, (short)0, (short)16);
    macKey2.setKey(scratch, (short)0);
    
    // Initialize ecMultiplier 
    ecMultiplyHelper = KeyAgreementX.getInstance(KeyAgreementX.ALG_EC_SVDP_DH_PLAIN_XY, false);
}
 

/**
 * Set new G for this curve. Also updates all dependent key values.
 * @param newG buffer with new G
 * @param newGOffset start offset within newG
 * @param newGLen length of new G
 */
public void setG(byte[] newG, short newGOffset, short newGLen) {
    Util.arrayCopyNonAtomic(newG, newGOffset, G, (short) 0, newGLen);
    this.disposable_pair = this.newKeyPair(this.disposable_pair);
    this.disposable_priv = (ECPrivateKey) this.disposable_pair.getPrivate();
    this.disposable_priv.setG(newG, newGOffset, newGLen);  
}
 

public short generateKeyAndWrap(byte[] applicationParameter, short applicationParameterOffset, ECPrivateKey generatedPrivateKey, byte[] publicKey, short publicKeyOffset, byte[] keyHandle, short keyHandleOffset) {
    // Generate 48 byte nonce
	random.generateData(keyHandle, keyHandleOffset, (short) 48);
	
	//Generate PrivKey 
	generatePrivateKey(applicationParameter, applicationParameterOffset, keyHandle, keyHandleOffset);

	
	// Set private Key S, before generating Public Key
	((ECPrivateKey)keyPair.getPrivate()).setS(scratch, (short) 0, (short) 32);
	
	generatePublicKeyPoint(publicKey, publicKeyOffset);
	
	// erase Private Key
	Util.arrayFillNonAtomic(scratch, (short)0, (short)32, (byte)0x00);
	((ECPrivateKey)keyPair.getPrivate()).setS(scratch, (short) 0, (short) 32);
	
	calcMAC(applicationParameter, applicationParameterOffset, keyHandle, keyHandleOffset);
	Util.arrayCopyNonAtomic(scratch, (short) 0, keyHandle, (short) (keyHandleOffset + 32), (short) 32);
    
    return (short)64;
}
 

/**
 * Allocates objects needed by this class. Must be invoked during the applet installation exactly 1 time.
 */
SECP256k1() {
  this.ecPointMultiplier = KeyAgreement.getInstance(ALG_EC_SVDP_DH_PLAIN_XY, false);
  this.tmpECPrivateKey = (ECPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, SECP256K1_KEY_SIZE, false);
  setCurveParameters(tmpECPrivateKey);
}
 

/** 
 * This function allows to reset a private ECkey stored in the card.
 * If 2FA is enabled, a hmac code must be provided to reset the key.
 * 
 * ins: 0x33
 * p1: private key number (0x00-0x0F)
 * p2: 0x00
 * data: [ (option)HMAC-2FA(20b)] 
 * return: none
 */
private short ResetKey(APDU apdu, byte[] buffer) {
	// check that PIN[0] has been entered previously
	if (!pins[0].isValidated())
		ISOException.throwIt(SW_UNAUTHORIZED);
	
	if (buffer[ISO7816.OFFSET_P2] != (byte) 0x00)
		ISOException.throwIt(SW_INCORRECT_P2);
	byte key_nb = buffer[ISO7816.OFFSET_P1];
	if ((key_nb < 0) || (key_nb >= MAX_NUM_KEYS))
		ISOException.throwIt(SW_INCORRECT_P1);
	
	Key key = eckeys[key_nb];
	// check type and size
	if ((key == null) || !key.isInitialized())
		ISOException.throwIt(SW_INCORRECT_P1);
	
	// check 2FA if required
	if (needs_2FA){
		short bytesLeft = Util.makeShort((byte) 0x00, buffer[ISO7816.OFFSET_LC]);
		
		if (bytesLeft < (short)20)
			ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
		
		// compute the corresponding partial public key...
		keyAgreement.init((ECPrivateKey)key);
		keyAgreement.generateSecret(Secp256k1.SECP256K1, Secp256k1.OFFSET_SECP256K1_G, (short) 65, tmpBuffer, (short)0); //pubkey in uncompressed form
		Util.arrayCopy(tmpBuffer, (short)1, recvBuffer, (short)0, (short)32);
		// hmac of 64-bytes msg: (pubkey-x | 32bytes (0x20^key_nb)-padding)
		Util.arrayFillNonAtomic(recvBuffer, (short)32, (short)32, (byte) (0x20^key_nb));
		HmacSha160.computeHmacSha160(data2FA, OFFSET_2FA_HMACKEY, (short)20, recvBuffer, (short)0, (short)64, recvBuffer, (short)64);
		if (Util.arrayCompare(buffer, ISO7816.OFFSET_CDATA, recvBuffer, (short)64, (short)20)!=0)
			ISOException.throwIt(SW_SIGNATURE_INVALID);			
	}
	
	// clear key & reset flag
	key.clearKey();
	eckeys_flag &= (short) ~(0x0001 << key_nb);// reset corresponding bit flag;
	
	return (short)0;
}
 

/** 
 * This function returns the public key associated with a particular private key stored 
 * in the applet. The exact key blob contents depend on the key�s algorithm and type. 
 * 
 * ins: 0x35
 * p1: private key number (0x00-0x0F)
 * p2: 0x00
 * data: none 
 * return(SECP256K1): [coordx_size(2b) | pubkey_coordx | sig_size(2b) | sig]
 */
private short getPublicKeyFromPrivate(APDU apdu, byte[] buffer) {
	// check that PIN[0] has been entered previously
	if (!pins[0].isValidated())
		ISOException.throwIt(SW_UNAUTHORIZED);
	
	if (buffer[ISO7816.OFFSET_P2] != (byte) 0x00)
		ISOException.throwIt(SW_INCORRECT_P2);
	
	byte key_nb = buffer[ISO7816.OFFSET_P1];
	if ((key_nb < 0) || (key_nb >= MAX_NUM_KEYS))
		ISOException.throwIt(SW_INCORRECT_P1);
	
	Key key = eckeys[key_nb];
	// check type and size
	if ((key == null) || !key.isInitialized())
		ISOException.throwIt(SW_INCORRECT_P1);
	if (key.getType() != KeyBuilder.TYPE_EC_FP_PRIVATE)
		ISOException.throwIt(SW_INCORRECT_ALG);		
	if (key.getSize()!= LENGTH_EC_FP_256)
		ISOException.throwIt(SW_INCORRECT_ALG);
	// check the curve param
	if(!Secp256k1.checkCurveParameters((ECPrivateKey)key, recvBuffer, (short)0))
		ISOException.throwIt(SW_INCORRECT_ALG);
			
	// compute the corresponding partial public key...
       keyAgreement.init((ECPrivateKey)key);
       short coordx_size=(short)32;
   	keyAgreement.generateSecret(Secp256k1.SECP256K1, Secp256k1.OFFSET_SECP256K1_G, (short) 65, buffer, (short)1); //pubkey in uncompressed form
    Util.setShort(buffer, (short)0, coordx_size);
       
       // sign fixed message
       sigECDSA.init(key, Signature.MODE_SIGN);
       short sign_size= sigECDSA.sign(buffer, (short)0, (short)(coordx_size+2), buffer, (short)(coordx_size+4));
       Util.setShort(buffer, (short)(coordx_size+2), sign_size);
       
       // return x-coordinate of public key+signature
       // the client can recover full public-key from the signature or
       // by guessing the compression value () and verifying the signature... 
       return (short)(2+coordx_size+2+sign_size);
}
 

/**
 * \brief Compute a digital signature of the data from the apdu
 * 			using the private key referenced by	an earlier
 *			MANAGE SECURITY ENVIRONMENT apdu.
 *
 * \attention The apdu should contain a hash, not raw data for RSA keys.
 * 				PKCS1 padding will be applied if neccessary.
 *
 * \param apdu The PERFORM SECURITY OPERATION apdu with P1=9E and P2=9A.
 *
 * \throw ISOException SW_CONDITIONS_NOT_SATISFIED, SW_WRONG_LENGTH
 * 						and SW_UNKNOWN.
 */
private void computeDigitalSignature(APDU apdu) throws ISOException {
    byte[] buf = apdu.getBuffer();
    short offset_cdata;
    short lc;
    short sigLen = 0;


    switch(currentAlgorithmRef[0]) {
    case ALG_RSA_PAD_PKCS1:
        // Receive.
        // Bytes received must be Lc.
        lc = apdu.setIncomingAndReceive();
        if(lc != apdu.getIncomingLength()) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        offset_cdata = apdu.getOffsetCdata();

        // RSA signature operation.
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) keys[currentPrivateKeyRef[0]];

        if(lc > (short) 247) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }

        rsaPkcs1Cipher.init(rsaKey, Cipher.MODE_ENCRYPT);
        sigLen = rsaPkcs1Cipher.doFinal(buf, offset_cdata, lc, ram_buf, (short)0);

        if(sigLen != 256) {
            ISOException.throwIt(ISO7816.SW_UNKNOWN);
        }

        // A single short APDU can handle 256 bytes - only one send operation neccessary.
        short le = apdu.setOutgoing();
        if(le < sigLen) {
            ISOException.throwIt(ISO7816.SW_CORRECT_LENGTH_00);
        }
        apdu.setOutgoingLength(sigLen);
        apdu.sendBytesLong(ram_buf, (short) 0, sigLen);
        break;

    case ALG_ECDSA_SHA1:
        // Get the key - it must be a EC private key,
        // checks have been done in MANAGE SECURITY ENVIRONMENT.
        ECPrivateKey ecKey = (ECPrivateKey) keys[currentPrivateKeyRef[0]];

        // Initialisation should be done when:
        // 	- No command chaining is performed at all.
        //	- Command chaining is performed and this is the first apdu in the chain.
        if(ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS] == (short) 0) {
            ecdsaSignature.init(ecKey, Signature.MODE_SIGN);
            if(isCommandChainingCLA(apdu)) {
                ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS] = (short) 1;
            }
        }

        short recvLen = apdu.setIncomingAndReceive();
        offset_cdata = apdu.getOffsetCdata();

        // Receive data. For extended APDUs, the data is received piecewise
        // and aggregated in the hash. When using short APDUs, command
        // chaining is performed.
        while (recvLen > 0) {
            ecdsaSignature.update(buf, offset_cdata, recvLen);
            recvLen = apdu.receiveBytes(offset_cdata);
        }

        if(!isCommandChainingCLA(apdu)) {
            sigLen = ecdsaSignature.sign(buf, (short)0, (short)0, buf, (short) 0);
            ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS] = (short) 0;
            apdu.setOutgoingAndSend((short) 0, sigLen);
        } else {
            ram_chaining_cache[RAM_CHAINING_CACHE_OFFSET_CURRENT_POS]++;
        }

        break;

    default:
        // Wrong/unknown algorithm.
        ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
    }
}
 

public static boolean SignVerifyECDSA(ECPrivateKey privateKey, ECPublicKey publicKey, Signature signEngine, byte[] tmpSignArray) {
    signEngine.init(privateKey, Signature.MODE_SIGN);
    short signLen = signEngine.sign(msg, (short) 0, (short) msg.length, tmpSignArray, (short) 0);
    signEngine.init(publicKey, Signature.MODE_VERIFY);
    return signEngine.verify(msg, (short) 0, (short) msg.length, tmpSignArray, (short) 0, signLen);
}
 

/**
 * Derives the public key from the given private key and outputs it in the pubOut buffer. This is done by multiplying
 * the private key by the G point of the curve.
 *
 * @param privateKey the private key
 * @param pubOut the output buffer for the public key
 * @param pubOff the offset in pubOut
 * @return the length of the public key
 */
short derivePublicKey(ECPrivateKey privateKey, byte[] pubOut, short pubOff) {
  return multiplyPoint(privateKey, SECP256K1_G, (short) 0, (short) SECP256K1_G.length, pubOut, pubOff);
}
 

/**
 * Multiplies a scalar in the form of a private key by the given point. Internally uses a special version of EC-DH
 * supported since JavaCard 3.0.5 which outputs both X and Y in their uncompressed form.
 *
 * @param privateKey the scalar in a private key object
 * @param point the point to multiply
 * @param pointOff the offset of the point
 * @param pointLen the length of the point
 * @param out the output buffer
 * @param outOff the offset in the output buffer
 * @return the length of the data written in the out buffer
 */
short multiplyPoint(ECPrivateKey privateKey, byte[] point, short pointOff, short pointLen, byte[] out, short outOff) {
  ecPointMultiplier.init(privateKey);
  return ecPointMultiplier.generateSecret(point, pointOff, pointLen, out, outOff);
}
 

/**
 * Generate a new KeyPair over NIST P-256, for application of <code>applicationParameter</code>, export the
 * public key into <code>publicKey</code> at <code>publicKeyOffset</code> and export the wrapped private key
 * and application parameter into the <code>keyHandle</code> at <code>keyHandleOffset</code>.
 *
 * @param applicationParameter
 * @param applicationParameterOffset
 * @param generatedPrivateKey not used
 * @param publicKey
 * @param publicKeyOffset
 * @param keyHandle output array
 * @param keyHandleOffset offset into output array
 * @return always 64
 */
short generateKeyAndWrap(byte[] applicationParameter, short applicationParameterOffset, ECPrivateKey generatedPrivateKey, byte[] publicKey, short publicKeyOffset, byte[] keyHandle, short keyHandleOffset);
 

/**
 * Unwrap a <code>keyHandle</code> at <code>keyHandleOffset</code> with <code>keyHandleLength</code> and set
 * the unwrapped private key into <code>unwrappedPrivateKey</code> if the unwrapping was successful (if
 * <code>applicationParameter</code> at <code>applicationParameterOffset</code> was the same as the unwrapped one).
 *
 * @param keyHandle
 * @param keyHandleOffset
 * @param keyHandleLength not used, assumed 64
 * @param applicationParameter application to compare with
 * @param applicationParameterOffset
 * @param unwrappedPrivateKey output variable
 * @return true if a valid key belonging to the indicated application is obtained
 */
boolean unwrap(byte[] keyHandle, short keyHandleOffset, short keyHandleLength, byte[] applicationParameter, short applicationParameterOffset, ECPrivateKey unwrappedPrivateKey);
 

/**
 * Converts provided Bignat into temporary EC private key object. No new 
 * allocation is performed, returned ECPrivateKey is overwritten by next call.
 * @param bn Bignat with new value
 * @return ECPrivateKey initialized with provided Bignat
 */
public ECPrivateKey bignatAsPrivateKey(Bignat bn) {
    disposable_priv.setS(bn.as_byte_array(), (short) 0, bn.length());
    return disposable_priv;
}
 

public short generateKeyAndWrap(byte[] applicationParameter, short applicationParameterOffset, ECPrivateKey generatedPrivateKey, byte[] publicKey, short publicKeyOffset, byte[] keyHandle, short keyHandleOffset); 

public boolean unwrap(byte[] keyHandle, short keyHandleOffset, short keyHandleLength, byte[] applicationParameter, short applicationParameterOffset, ECPrivateKey unwrappedPrivateKey);