Merge pull request #128 from tls-attacker/ffdheKeyshares

mmaehren · web-flow · commit efb90e2d5400 · 2022-07-05T16:44:23.000+02:00
Fixed interpretation of FFDHE key share byte values
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/KeyShareCalculator.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/KeyShareCalculator.java
@@ -96,7 +96,7 @@ public static byte[] computeSharedSecret(NamedGroup group, BigInteger privateKey
             }
         } else {
             FFDHEGroup ffdheGroup = GroupFactory.getGroup(group);
-            BigInteger sharedElement = new BigInteger(publicKey).modPow(privateKey.abs(), ffdheGroup.getP().abs());
+            BigInteger sharedElement = new BigInteger(1, publicKey).modPow(privateKey.abs(), ffdheGroup.getP().abs());
             return ArrayConverter.bigIntegerToNullPaddedByteArray(sharedElement,
                 ffdheGroup.getP().bitLength() / Bits.IN_A_BYTE);
         }

Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ public static byte[] computeSharedSecret(NamedGroup group, BigInteger privateKey`
`96`	`96`	`}`
`97`	`97`	`} else {`
`98`	`98`	`FFDHEGroup ffdheGroup = GroupFactory.getGroup(group);`
`99`		`- BigInteger sharedElement = new BigInteger(publicKey).modPow(privateKey.abs(), ffdheGroup.getP().abs());`
	`99`	`+ BigInteger sharedElement = new BigInteger(1, publicKey).modPow(privateKey.abs(), ffdheGroup.getP().abs());`
`100`	`100`	`return ArrayConverter.bigIntegerToNullPaddedByteArray(sharedElement,`
`101`	`101`	`ffdheGroup.getP().bitLength() / Bits.IN_A_BYTE);`
`102`	`102`	`}`