Get CryptoException.ILLEGAL_VALUE when generating ECC key pair

Question

I used JCOP card to generate ECC key pair. I can create ECPrivateKey, ECPublicKey, KeyPair w/o any problems, but it throws exception CryptoException.ILLEGAL_VALUE when genKeyPair(). What's wrong with my card or my operation? I have no idea. Could you please tell me where I made the mistake? Much appreciated!

BTW, I found that JCAlgTest has encountered the same problem, pls check the test report here.

Here is my code.

public void process(APDU apdu)
 {
   if (selectingApplet())
  {
    return;
  }

byte[] buf = apdu.getBuffer();
switch (buf[ISO7816.OFFSET_INS])
{
case (byte)0x00:
    JCSystem.requestObjectDeletion();
    break;
case (byte)0x01:
    ecPubKey = (ECPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_160, false);
    ecPriKey = (ECPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_160, false);
    break;
case (byte) 0x02:
    kp = new KeyPair(ecPubKey, ecPriKey);
    break;
case (byte) 0x03:
    try {
        kp.genKeyPair();
    } catch (CryptoException e) {
        short reason = e.getReason();
        apdu.setOutgoing();
        apdu.setOutgoingLength((short) 2);
        Util.setShort(buf, (short) 0, reason);
        apdu.sendBytes((short) 0, (short) 2);
        ISOException.throwIt((short) 0x6F00);
    }
    break;
default:
    ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
}
}

Answer 1

You need to set the ECC domain parameters, otherwise it doesn't know which ones to use (and it's a bit tricky to let a card carry all known named curves, space is at a premium). You need to set them at least for the public key and - in case of NXP cards - probably for the private key as well.