Merge pull request #2630 from canokeys/fix_ecdh_kek_error
Fix ECDH decryption error using NIST curves
This commit is contained in:
commit
7e5738bd5c
1 changed files with 11 additions and 1 deletions
|
@ -164,6 +164,16 @@ public class PsoDecryptTokenOp {
|
|||
*/
|
||||
byte[] keyEncryptionKey = response.getData();
|
||||
|
||||
int xLen;
|
||||
boolean isCurve25519 = CryptlibObjectIdentifiers.curvey25519.equals(eckf.getCurveOID());
|
||||
if (isCurve25519) {
|
||||
xLen = keyEncryptionKey.length;
|
||||
} else {
|
||||
xLen = (keyEncryptionKey.length - 1) / 2;
|
||||
}
|
||||
final byte[] kekX = new byte[xLen];
|
||||
System.arraycopy(keyEncryptionKey, isCurve25519 ? 0 : 1, kekX, 0, xLen);
|
||||
|
||||
final byte[] keyEnc = new byte[encryptedSessionKeyMpi[mpiLength + 2]];
|
||||
|
||||
System.arraycopy(encryptedSessionKeyMpi, 2 + mpiLength + 1, keyEnc, 0, keyEnc.length);
|
||||
|
@ -172,7 +182,7 @@ public class PsoDecryptTokenOp {
|
|||
final MessageDigest kdf = MessageDigest.getInstance(MessageDigestUtils.getDigestName(publicKey.getSecurityTokenHashAlgorithm()));
|
||||
|
||||
kdf.update(new byte[]{(byte) 0, (byte) 0, (byte) 0, (byte) 1});
|
||||
kdf.update(keyEncryptionKey);
|
||||
kdf.update(kekX);
|
||||
kdf.update(publicKey.createUserKeyingMaterial(fingerprintCalculator));
|
||||
|
||||
byte[] kek = kdf.digest();
|
||||
|
|
Loading…
Add table
Reference in a new issue