diff options
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java index c9462a6..f2b5314 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java @@ -50,17 +50,34 @@ public class KeyAgreementSpi private byte[] bigIntToBytes( BigInteger r) { + // + // RFC 2631 (2.1.2) specifies that the secret should be padded with leading zeros if necessary + // must be the same length as p + // + int expectedLength = (p.bitLength() + 7) / 8; + byte[] tmp = r.toByteArray(); - - if (tmp[0] == 0) + + if (tmp.length == expectedLength) + { + return tmp; + } + + if (tmp[0] == 0 && tmp.length == expectedLength + 1) { - byte[] ntmp = new byte[tmp.length - 1]; + byte[] rv = new byte[tmp.length - 1]; - System.arraycopy(tmp, 1, ntmp, 0, ntmp.length); - return ntmp; + System.arraycopy(tmp, 1, rv, 0, rv.length); + return rv; } - - return tmp; + + // tmp must be shorter than expectedLength + // pad to the left with zeros. + byte[] rv = new byte[expectedLength]; + + System.arraycopy(tmp, 0, rv, rv.length - tmp.length, tmp.length); + + return rv; } protected Key engineDoPhase( |