Hi. I'm trying to use this library while reverse engineering a commercial product. DH is used for the authentication procedure. To verify its correctness, I'm using known values for prime, generator, client's private key, client's public key, server's public key, and the shared secret, all of which are either fixed or logged by the product. Unfortunately I just can't manage to calculate the same shared secret.
import Ember from 'ember';
import CryptoJS from 'cryptojs';
import BU from 'npm:buffer';
import DH from 'npm:diffie-hellman';
export default Ember.Component.extend({
// prime used by product
prime1024: 'F488FD584E49DBCD20B49DE49107366B336C380D451D0F7C88B31C7C5B2D8EF6F3C923C043F0A55B188D8EBB558CB85D38D334FD7C175743A31D186CDE33212CB52AFF3CE1B1294018118D7C84A70A72D686C40319C807297ACA950CD9969FABD00A509B0246D3083D66A45D419F9C7CBD894B221926BAABA25EC355E92F78C7',
didInsertElement() {
// this.connect();
this.testEncryption();
},
testEncryption() {
let dh = DH.createDiffieHellman(this.prime1024, 'hex', '02', 'hex');
dh.setPrivateKey(new BU.Buffer('650620144A0F0A22C999AA0D71A4EEB65294021A', 'hex'));
dh.setPublicKey(new BU.Buffer('ikU8ISwVZuLx2TMdDTZKKD+M4USmwQBvygjjULJDKzp+GLZoSO1umMFlz+9BJl+SB4snQfj7IqjtFKGb0M9eLKtEoR0fMnO1P6sOPcYCqA14FXA+wLKAs6VV6Xev1gxLm4QgFBxZ7z6p1dLRM0sTEAt2FKJ40KZxTlEk9hRbfH0A', 'base64')); // probably irrelevant
console.log('client private key', dh.getPrivateKey('base64'));
// what server sends
var serverPublicKey = 'qM/0YWK5nsVSHmg7HQgKA5qlzWdUqE/OTlth3r2IMwEIcoSADlp8sggkYU9ggg3Oy4QGKWPfxI2ABgcV0dXnDUVx8zQ9wQJCLKEKHtEVG2LeJUkjMVfn4JGvzlcMF1sTsPSsCrVuLJfdpNR5MhUvLwY+xivMBylpvJbuM8XEtHg=';
var decServerPublicKey = new BU.Buffer(serverPublicKey, 'base64').reverse(); // LE -> BE
var serverPublicKeyShould = [168, 207, 244, 97, 98, 185, 158, 197, 82, 30, 104, 59, 29, 8, 10, 3, 154, 165, 205, 103, 84, 168, 79, 206, 78, 91, 97, 222, 189, 136, 51, 1, 8, 114, 132, 128, 14, 90, 124, 178, 8, 36, 97, 79, 96, 130, 13, 206, 203, 132, 6, 41, 99, 223, 196, 141, 128, 6, 7, 21, 209, 213, 231, 13, 69, 113, 243, 52, 61, 193, 2, 66, 44, 161, 10, 30, 209, 21, 27, 98, 222, 37, 73, 35, 49, 87, 231, 224, 145, 175, 206, 87, 12, 23, 91, 19, 176, 244, 172, 10, 181, 110, 44, 151, 221, 164, 212, 121, 50, 21, 47, 47, 6, 62, 198, 43, 204, 7, 41, 105, 188, 150, 238, 51, 197, 196, 180, 120];
console.log("decoded server public key (is)", decServerPublicKey);
console.log("server public key (should)", serverPublicKeyShould);
var ss = dh.computeSecret(decServerPublicKey);
console.log('shared secret (is)', ss);
console.log('shared secret rev (is)', ss.reverse());
var ssShould = [159, 188, 246, 56, 207, 51, 58, 201, 186, 137, 134, 198, 130, 81, 40, 235, 108, 166, 40, 208, 19, 13, 249, 77, 0, 137, 114, 15, 154, 131, 240, 105, 193, 236, 41, 220, 51, 210, 161, 255, 188, 201, 123, 106, 95, 74, 93, 217, 193, 161, 146, 8, 49, 102, 185, 172, 174, 91, 183, 78, 142, 122, 196, 235, 106, 81, 253, 239, 252, 63, 0, 11, 158, 182, 141, 189, 66, 49, 91, 17, 40, 53, 165, 192, 194, 78, 130, 75, 169, 212, 46, 41, 171, 232, 98, 198, 7, 139, 225, 49, 70, 243, 179, 79, 24, 1, 52, 23, 125, 204, 160, 255, 129, 142, 170, 130, 26, 59, 127, 99, 107, 84, 175, 91, 167, 132, 72, 216]
;
console.log('shared secret (should)', ssShould);
},
});
To prove that these values are correct, I've done the same in Ruby, where it works: