Remove extra null byte at start of DH shared secret that BigInteger s…

…ometimes adds to indicate the integer sign Signed-off-by: Ben Krieger <[email protected]>
fido-device-onboard · Sep 28, 2024 · e39f483 · e39f483
1 parent 7e477f3
commit e39f483
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardCryptoService.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardCryptoService.java
@@ -726,8 +726,13 @@ public KeyExchangeResult getSharedSecret(String suiteName, byte[] message, KexMe
             ownState.getState().covertValue(DiffieHellman.KeyExchange.class);
 
         try {
-          return new KeyExchangeResult(
-              ke.computeSharedSecret(new BigInteger(1, message)).toByteArray(), new byte[0]);
+          byte[] shSe = ke.computeSharedSecret(new BigInteger(1, message)).toByteArray();
+          if (shSe[0] == 0x00) {
+            byte[] tmp = new byte[shSe.length - 1];
+            System.arraycopy(shSe, 1, tmp, 0, tmp.length);
+            shSe = tmp;
+          }
+          return new KeyExchangeResult(shSe, new byte[0]);
         } finally {
           try {
             ke.destroy();