TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Hi!
There seems to be an error during the calculation of the shared secret when using FFDHE groups. In
https://github.com/tls-attacker/TLS-Attacker/blob/7e249320248a362411df1c493099147fda3a228d/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/KeyShareCalculator.java#L99
the BigInteger interprets the peer's public key as a negative number if the leftmost bit of the byte array is set. Using

```java
BigInteger sharedElement = new BigInteger(1, publicKey).modPow(privateKey.abs(), ffdheGroup.getP().abs());
```

should solve the issue.

Best regards
Matthias
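The sign-bit behaviour described in the issue, as an added stand-alone illustration (this is not TLS-Attacker code and does not use its `KeyShareCalculator`, `ffdheGroup` or `privateKey` objects). `new BigInteger(byte[])` reads the array as big-endian two's complement, so any group element whose first byte has the top bit set becomes negative and `modPow` is evaluated over the wrong base; `new BigInteger(1, byte[])` reads the same bytes as an unsigned magnitude. The group below is a toy 64-bit prime chosen only so the values stay short; real FFDHE groups are 2048 bits and up. The `encode` helper also shows the mirror-image pitfall when serialising: `toByteArray()` prepends a 0x00 sign byte to positive values with the top bit set, which must be stripped to produce a fixed-length wire encoding.

```java
import java.math.BigInteger;

/*
 * Added illustration, not part of TLS-Attacker. Demonstrates why a DH public
 * value must be parsed with new BigInteger(1, bytes) rather than
 * new BigInteger(bytes), and how to serialise a group element without the
 * sign byte that BigInteger.toByteArray() may add.
 */
public class DhSignDemo {

    // Toy group for illustration only: p = 2^64 - 59 (prime), g = 2.
    static final BigInteger P = BigInteger.ONE.shiftLeft(64).subtract(BigInteger.valueOf(59));
    static final BigInteger G = BigInteger.valueOf(2);
    static final int LEN = 8; // wire length of one group element in bytes

    /** Wire encoding: big-endian, exactly LEN bytes, no two's-complement sign byte. */
    static byte[] encode(BigInteger x) {
        byte[] raw = x.toByteArray();                  // may start with a 0x00 sign byte
        byte[] out = new byte[LEN];
        int srcStart = Math.max(0, raw.length - LEN);  // skip the sign byte if present
        int copyLen = raw.length - srcStart;
        System.arraycopy(raw, srcStart, out, LEN - copyLen, copyLen); // left-pad with zeros
        return out;
    }

    /** Correct decoding: the bytes are an unsigned magnitude. */
    static BigInteger decodeUnsigned(byte[] wire) {
        return new BigInteger(1, wire);
    }

    /** Buggy decoding: two's complement, negative whenever the top bit is set. */
    static BigInteger decodeSigned(byte[] wire) {
        return new BigInteger(wire);
    }

    public static void main(String[] args) {
        BigInteger alicePriv = new BigInteger("123456789012345678");

        // Search for a private value for Bob whose public value has the top bit
        // set on the wire, i.e. exactly the case that triggers the sign bug.
        BigInteger bobPriv = new BigInteger("987654321098765432");
        BigInteger bobPub = G.modPow(bobPriv, P);
        while ((encode(bobPub)[0] & 0x80) == 0) {
            bobPriv = bobPriv.add(BigInteger.ONE);
            bobPub = G.modPow(bobPriv, P);
        }
        byte[] bobWire = encode(bobPub);

        // Alice derives the shared secret from Bob's wire bytes, both ways.
        BigInteger signedBase = decodeSigned(bobWire);   // negative: top bit set
        BigInteger good = decodeUnsigned(bobWire).modPow(alicePriv, P);
        BigInteger bad = signedBase.modPow(alicePriv, P);

        // Bob's side, computed from Alice's public value, is the reference.
        BigInteger alicePub = G.modPow(alicePriv, P);
        BigInteger bobSide = decodeUnsigned(encode(alicePub)).modPow(bobPriv, P);

        System.out.println("wire bytes, first byte: 0x" + String.format("%02x", bobWire[0]));
        System.out.println("signed interpretation is negative: " + (signedBase.signum() < 0));
        System.out.println("unsigned parse agrees with Bob:    " + good.equals(bobSide));
        System.out.println("signed parse agrees with Bob:      " + bad.equals(bobSide));
    }
}
```

With this toy group the signed reading of the wire bytes equals the unsigned value minus 2^64, which is congruent to the unsigned value minus 59 modulo p, so `modPow` runs over a different base and the two sides of the exchange derive different secrets. The same mismatch occurs with a 2048-bit group whenever the peer's public value happens to have its top bit set, which is roughly half the time, so a parsing bug of this kind shows up as intermittent handshake failures rather than a consistent one.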