Support of KeyAgreement.ALG_EC_SVDP_DH_PLAIN

[frankmorgner]

Do you plan to support KeyAgreement.ALG_EC_SVDP_DH_PLAIN which is defined (at least) since Java Card 3.0.4?

I'm a bit confused because there is a jcardsim snapshot of version 3.0.4, but the KA scheme is not defined anywhere in the java code.

[licel]

We are actively working on the implementation of the absent functionality of 3.0.4/3.0.5 - ALG_EC_SVDP_DH_PLAIN is slightly different from ALG_EC_SVDP_DH, and we will need to check the implementation on a card, I think within a couple of days this algorithm will be supported in jCardSim.

[paulbastian]

I wrote a standalone version recently (tested) and imported that to the KeyAgreementImpl (untested):
Have a try.

public class KeyAgreementImpl extends KeyAgreement {
    BasicAgreement engine;
    SHA1Digest digestEngine;
    byte algorithm;
    ECPrivateKeyImpl privateKey;

    public KeyAgreementImpl(byte algorithm) {
        this.algorithm = algorithm;
        switch(algorithm) {
        case 1:
            this.engine = new ECDHBasicAgreement();
            this.digestEngine = new SHA1Digest();
            break;
        case 2:
            this.engine = new ECDHCBasicAgreement();
            this.digestEngine = new SHA1Digest();
            break;
        case 3:
            this.engine = new ECDHBasicAgreement();
            this.digestEngine = null;
            break;
        default:
            CryptoException.throwIt((short)3);
        }  
    }

    public void init(PrivateKey privateKey) throws CryptoException {
        if(privateKey == null) {
            CryptoException.throwIt((short)2);
        }

        if(!(privateKey instanceof ECPrivateKeyImpl)) {
            CryptoException.throwIt((short)1);
        }

        this.engine.init(((ECPrivateKeyImpl)privateKey).getParameters());
        this.privateKey = (ECPrivateKeyImpl)privateKey;
    }

    public byte getAlgorithm() {
        return this.algorithm;
    }

    public short generateSecret(byte[] publicData, short publicOffset, short publicLength, byte[] secret, short secretOffset) throws CryptoException {
        byte[] publicKey = new byte[publicLength];
        Util.arrayCopyNonAtomic(publicData, publicOffset, publicKey, (short)0, publicLength);
        ECPublicKeyParameters ecp = new ECPublicKeyParameters(((ECPrivateKeyParameters)this.privateKey.getParameters()).getParameters().getCurve().decodePoint(publicKey), ((ECPrivateKeyParameters)this.privateKey.getParameters()).getParameters());
        byte[] result = this.engine.calculateAgreement(ecp).toByteArray();

        switch(algorithm) {
        case 1:
        case 2:
            byte[] hashResult = new byte[20];
            this.digestEngine.update(result, 0, result.length);
            this.digestEngine.doFinal(hashResult, 0);
            Util.arrayCopyNonAtomic(hashResult, (short)0, secret, secretOffset, (short)hashResult.length);
            return (short)hashResult.length;
        case 3:
            Util.arrayCopyNonAtomic(result, (short)0, secret, secretOffset, (short)result.length);
            return (short)result.length;
        default:
            CryptoException.throwIt((short)3);
        }  
    }
}

[petrs]

J08nY opened pull request #121 implementing ALG_EC_SVDP_DH_PLAIN_XY

[J08nY]

@licel DH_PLAIN is now implemented along with DHC_PLAIN and DH_PLAIN_XY so this can be closed.