correct the arrayCopying of hmac in getHMAC(), rename aesRawKey as hashedSharedSecret

8cfdaad1 · Josh Ji · 2a5c69e0 · 8cfdaad1 · 8cfdaad1 · 8cfdaad1
Commit 8cfdaad1 authored Jun 19, 2022 by Josh Ji
4 changed files
--- a/build/javacard/applet.cap
+++ b/build/javacard/applet.cap
--- a/build/javacard/applet.exp/vku2f.jar
+++ b/build/javacard/applet.exp/vku2f.jar
--- a/build/javacard/applet.jca
+++ b/build/javacard/applet.jca
--- a/src/main/java/com/josh/vku2f/IDSecret.java
+++ b/src/main/java/com/josh/vku2f/IDSecret.java
@@ -19,7 +19,7 @@ public class IDSecret {
 	private final byte[] RxRp = new byte[4];
 	public final byte[] PuKp = new byte[65];
 	public  final byte[] sharedSecret = new byte[20];
-	public final byte[] aesRawKey = new byte[32];
+	public final byte[] hashedSharedSecret = new byte[32];
 	public final byte[] Cx = new byte[16];
 	public final byte[] encryptedCx = new byte[16];
 	public final byte[] hmac = new byte[32];
@@ -41,7 +41,7 @@ public class IDSecret {
 		Util.arrayFill(PuKp, (short)1, (byte)(PuKp.length-1), (byte)0);

 		Util.arrayFill(sharedSecret, (short)0, (byte)sharedSecret.length, (byte)0);
-		Util.arrayFill(aesRawKey, (short)0, (byte)aesRawKey.length, (byte)0);
+		Util.arrayFill(hashedSharedSecret, (short)0, (byte) hashedSharedSecret.length, (byte)0);
 		Random.getInstance().nextBytes(Cx, (short)0, (short)Cx.length);
 		Util.arrayFill(encryptedCx, (short)0, (byte)encryptedCx.length, (byte)0);
 		Util.arrayFill(hmac, (short)0, (byte)hmac.length, (byte)0);
@@ -63,8 +63,8 @@ public class IDSecret {
 	}

 	public void initAesKey(){
-		sha256.doFinal(sharedSecret, (short)0, (short)20, aesRawKey, (short)0);
-		aesKey.setKey(aesRawKey, (short)0);
+		sha256.doFinal(sharedSecret, (short)0, (short)20, hashedSharedSecret, (short)0);
+		aesKey.setKey(hashedSharedSecret, (short)0);
 		aesEncrypt.init(aesKey, Cipher.MODE_ENCRYPT, IV_ZERO_AES, (short)0, (short)IV_ZERO_AES.length);
 		aesDecrypt.init(aesKey, Cipher.MODE_DECRYPT, IV_ZERO_AES, (short)0, (short)IV_ZERO_AES.length);
 	}
@@ -90,7 +90,7 @@ public class IDSecret {
 		aesEncrypt.update(scratch, (short)0, (short)16, outputBuffer, outputOffset);
 		aesEncrypt.doFinal(scratch, (short)16, (short)16 , outputBuffer, (short)(outputOffset+16) );

-		Util.arrayCopy(scratch, (short)0, hmac, (short)0, (short)32 );
+		Util.arrayCopy(outputBuffer, (short)0, hmac, (short)0, (short)32 );
 	}

 	/**
@@ -106,7 +106,7 @@ public class IDSecret {
 		encoder.encodeByteString(getRxRp(), (short)0, (short)RxRp.length);
 		encoder.encodeByteString(PuKp, (short)0, (short)PuKp.length);
 		encoder.encodeByteString(sharedSecret, (short)0, (short)sharedSecret.length);
-		encoder.encodeByteString(aesRawKey, (short)0 , (short)aesRawKey.length);
+		encoder.encodeByteString(hashedSharedSecret, (short)0 , (short) hashedSharedSecret.length);
 		encoder.encodeByteString(Cx, (short)0, (short)Cx.length);
 		encoder.encodeByteString(encryptedCx, (short)0, (short)encryptedCx.length);
 		encoder.encodeByteString(hmac, (short)0, (short)hmac.length );