CODEWITHSUNDEEP
javajavacarddiffie-hellman
Petr Skyva
Petr Skyva

Reputation: 71

Diffie Hellman JavaCard

I have a problem with DiffieHellman on JavaCard. I have this class: https://pastebin.com/2F2sQ2Pe (https://github.com/ASKGLab/DHApplet) ( its bigger file so I uplouded to pastebin not sure if its a problem )

And then I create 2 instance of it and call it like this ( show only one instance ):

DiffieHellman dh = new DiffieHellman();
dh.init();
dh.getY(hostY, (short)0);
dh.setY(cardY, (short) 0, (short) cardY.length, (short) 0); 
AESKey encKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_RESET, KeyBuilder.LENGTH_AES_128, false);
dh.doFinal(encKey);

hostY and cardY are public values. I tried it on desktop App so I have guarance that there is no probleme with Communication with JavaCard. So my question is that after all of this SharedSecret differ and I have no idea why because I execute Y = G^bobPrivKey mod P via RSA's decrypt to get Y's transfer them and then execute S = Y^a mod p via RSA's decrypt.

Thank's for any answer in advance.

Upvotes: 0

Views: 330

Answers (1)

vlp
vlp

Reputation: 8116

(Assuming you are using jCardSim for Java Card API emulation on desktop)

There is a problem with jCardSim that it always uses CRT private keys (as used RSAKeyPairGenerator always generates CRT private keys which always implement RSAPrivateCrtKeyParameters -- see here and here).

So every jCardSim RSA private key (even that generated with ALG_RSA) is implemented by RSAPrivateCrtKeyImpl (you can check yourself with .getClass().getCanonicalName()).

The real problem is that RSAPrivateCrtKeyImpl class ignores the value of modulus when doing the actual crypto:

AssymetricCipherImpl.init():

// ...some code above skipped...
KeyWithParameters key = (KeyWithParameters) theKey;
engine.init(theMode == MODE_ENCRYPT, key.getParameters());
// ...some code below skipped...

RSAPrivateCrtKeyImpl.getParameters() -- there is no use of modulus field:

public CipherParameters getParameters() {
    if (!isInitialized()) {
        CryptoException.throwIt(CryptoException.UNINITIALIZED_KEY);
    }
    // modulus = p * q;
    return new RSAPrivateCrtKeyParameters(p.getBigInteger().multiply(q.getBigInteger()), null,
            null, p.getBigInteger(), q.getBigInteger(),
            dp1.getBigInteger(), dq1.getBigInteger(), pq.getBigInteger());
}

So the setModulus() call used to set the desired DH Group prime has no effect and the original (generated) modulus is used.

Good luck!

Upvotes: 2

Related Questions