无法使用javascript桥接Elliptic Curve Diffie-Hellman

时间:2013-04-26 12:11:35

标签: php javascript cryptography elliptic-curve diffie-hellman

我知道这是一个非常具体的问题,但我尝试使用Elliptic Curve Diffie-Hellman算法(ECDH)基于2个看似合理的库来交换php和客户端之间的密钥:

  1. https://github.com/mdanter/phpecc用于php部分和

  2. http://www-cs-students.stanford.edu/~tjw/jsbn/ecdh.html为js部分。

  3. 似乎参数(在第二个演示中可以看到)不适合(1)中的Mattias Danter库!

    我尝试了什么:

    一个。在php中生成Alice公钥

    湾从(a)中取x和y值,并在stanford的js演示页面中代替Alice字段

    ℃。从页面产生(b)Bob的公共点和私钥

    d。在(a)重新运行php但现在将Alice的属性重置为上一次运行(我必须在Mattias Danter类中添加一些setter)然后使用Bob的公共值和密钥将Bob重置为javascript的值

    即导入键并进行比较

    但是php遇到错误:

    Fatal error: Uncaught exception 'ErrorException' with message 'Curve CurveFp Object 
    ( [a:protected] => -3 [b:protected] => 
    2455155546008943817740293915197451784769108058161191238065 [prime:protected] => 
    6277101735386680763835789423207666416083908700390324961279 ) does not contain point 
    ( 1328803036204499271979785126753219480492435117174 , 
    -228023147101697490181439300085858154675358736333 )' in 
    /var/www/users/test/php/tests/ext/phpecc-master/classes/Point.php:53 
    

    搜索我的代码我发现了导致错误的原因:它是在Alice计算公共密钥时:

    public function calculateKey() {
      $this->agreed_key = Point::mul($this->secret, $this->receivedPubPoint)->getX();
    }
    

    Bob的公钥(来自javascript)存储在EcDH::receivedPubPoint中并生成错误!!

    这是具有一定身份的对象Alice(EcDH类):

    Alice:
    EcDH Object
    (
      [generator:EcDH:private] => Point Object
      (
        [curve] => CurveFp Object
        (
          [a:protected] => -3
          [b:protected] => 2455155546008943817740293915197451784769108058161191238065
          [prime:protected] => 6277101735386680763835789423207666416083908700390324961279
        )
    
        [x] => 602046282375688656758213480587526111916698976636884684818
        [y] => 174050332293622031404857552280219410364023488927386650641
        [order] => 6277101735386680763835789423176059013767194773182842284081
      )
    
      [pubPoint:EcDH:private] => Point Object
      (
        [curve] => CurveFp Object
        (
          [a:protected] => -3
          [b:protected] => 2455155546008943817740293915197451784769108058161191238065
          [prime:protected] => 6277101735386680763835789423207666416083908700390324961279
        )
    
        [x] => 1230571492519579244570075682716266141492045436832711426918
        [y] => 925696034592317781055362853857916815608433923236519324844
        [order] =>
      )
    
      [receivedPubPoint:EcDH:private] =>
      [secret:EcDH:private] => 14506874945990177925841757912817895350330843517362
      [agreed_key:EcDH:private] =>
    )
    

    我的观点是,由于“{椭圆曲线参数”下的字段在http://www-cs-students.stanford.edu/~tjw/jsbn/ecdh.html中的实现方式,javascript公共值不正确。

    通过搜索更多我发现,与php版本相比,斯坦福代码的这些js块是有问题的:

    // ECCurveFp
    // constructor
    function ECCurveFp(q,a,b) {
        this.q = q;
        this.a = this.fromBigInteger(a);
        this.b = this.fromBigInteger(b);
        this.infinity = new ECPointFp(this, null, null);
    }
    
    // ----------------
    // SECNamedCurves
    function secp192k1() {
        // p = 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1
        var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37");
        var a = BigInteger.ZERO;
        var b = fromHex("3");
        //byte[] S = null;
        var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D");
        var h = BigInteger.ONE;
        var curve = new ECCurveFp(p, a, b);
        var G = curve.decodePointHex("04"
                    + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"
                    + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D");
        return new X9ECParameters(curve, G, n, h);
    }
    

    有什么建议吗?

    感谢。

1 个答案:

答案 0 :(得分:1)

您应该确保JS和PHP库使用相同的曲线。他们呢?