
I am kind of new to Java Card development and I am trying to implement the NAXOS protocol on Java Card. My problem is how to power two variables. My Java Card version is 2.2.1, and I use this code to do that:

```java
package RsaEncryption;

import javacard.framework.*;
import javacard.security.KeyBuilder;
import javacard.security.RSAPrivateKey;
import javacardx.crypto.Cipher;

public class RsaEncryption extends Applet {

    static final byte PLAIN_CLA = (byte) 0x00;
    private RSAPrivateKey privKey;
    Cipher cipher;
    public static void install(byte[] bArray,short bOffset,byte bLength) {
        new RsaEncryption(bArray, bOffset, bLength);
    }

    private RsaEncryption(byte[] bArray, short bOffset, byte bLength){
        register();
    }

    public boolean select() {
        return true;
    }

    public void deselect() {
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buffer = apdu.getBuffer();
        apdu.setIncomingAndReceive();
        short lenOfData = (short)(buffer[ISO7816.OFFSET_LC]);
        byte[] tmp = new byte[lenOfData];

        privKey = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_1024, false);
        cipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false);

        byte[] G = {0x02};
        byte[] P = {0x05};
        byte[] x = {0x03};

        short maxL = 256;
        privKey.setModulus(P, (short)0, maxL);
        privKey.setExponent(x, (short)0, maxL);

        cipher.init(privKey, Cipher.MODE_DECRYPT);

        // Execute G^x mod P using RSA's decrypt
        cipher.doFinal(G, (short) 0, maxL, tmp, (short) 0);

        // tmp[2] = 0x5;
        //buffer[6] = tmp[0];
        // buffer[7] = tmp[1];

        //Util.arrayCopyNonAtomic(buffer, ISO7816.OFFSET_CDATA, tmp, (short)0, (short)tmp.length);

        for(short i=(short)0; i<lenOfData;i++){
          buffer[i]= tmp[(short)(i)];
        }
        //apdu.sendBytesLong(tmp, (short)0, (short)5);
        apdu.setOutgoingAndSend((short) 0, (short)tmp.length);
    }

}
```

The output I get is

```
mode_211
enable_trace
establish_context
card_connect -readerNumber 1
select -AID A0000002471201
Command --> 00A4040007A0000002471201
Wrapped command --> 00A4040007A0000002471201
Response <-- 9000
send_apdu -APDU 8000000009010203040506070809FF
Command --> 8000000009010203040506070809FF
Wrapped command --> 8000000009010203040506070809FF
Response <-- 6F00
send_APDU() returns 0x80206F00 (Unknown ISO7816 error: 0x6F00)
```

Can you suggest any other way to power two numbers on Java Card?

DanoPlu
  • Calls to `setModulus()` and `setExponent()` use invalid length (`maxL` is `256` and the arrays have length `1`). Consider using `G`, `P`, `x` with 128 bytes -- and use a very large modulus to get correct results (your G^x would be modulo 5 which you probably don't want)...good luck! – vlp Jun 05 '16 at 19:12
  • Thank you for your response, I changed the maxL variable to 1 and tried to compute simple numbers, i.e. 2 to the power of 3, and it still doesn't work – DanoPlu Jun 05 '16 at 20:32
  • Did you try 128 byte long `G`, `P`, `x` arrays? – vlp Jun 05 '16 at 20:48
  • Thank you, it worked, I managed to successfully raise one number to another thanks to the RSA implementation. You can post that as an answer so I can accept it. – DanoPlu Jun 05 '16 at 21:59
  • Btw. I noticed that it doesn't work when the base is different than 2. Any suggestions? – DanoPlu Jun 05 '16 at 22:07
  • Did you change the modulus `P` to be a very large number? – vlp Jun 08 '16 at 15:30

1 Answer

You're probably better off trying the Diffie-Hellman primitives. Modular exponentiation for Diffie-Hellman is much less likely to be hampered by additional constraints than modular exponentiation for RSA.

In both cases you'd of course be constrained to modular arithmetic - for obvious reasons.

Maarten Bodewes
  • Thanks for your answer, I believe you are right and DH would also do the job, but I managed to power two numbers using RSA implementation. +1 for suggesting using DH protocol to do that. – DanoPlu Jun 07 '16 at 22:47
  • Great, glad you got this solved. Be sure to share your answer too! – Maarten Bodewes Jun 07 '16 at 23:00
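
The fix discussed in the comments on the question (128-byte `G`, `P` and `x` for a 1024-bit key) can be sketched as follows. This is an added example, not code from the question or from either poster; the applet name `ModExpApplet` and the three INS values are assumptions, and P, x and G are sent in separate APDUs because a short APDU cannot carry all three.

```java
package RsaEncryption;
import javacard.framework.*;
import javacard.security.CryptoException;
import javacard.security.KeyBuilder;
import javacard.security.RSAPrivateKey;
import javacardx.crypto.Cipher;

// Added example; ModExpApplet and the INS values are hypothetical, not from the post.
public class ModExpApplet extends Applet {
    static final byte INS_SET_P = 0x01, INS_SET_X = 0x02, INS_EXP = 0x03;
    static final short LEN = (short) 128;            // operand size for a 1024-bit key
    private final RSAPrivateKey key;
    private final Cipher cipher;
    private final byte[] op;                         // transient 128-byte operand field

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new ModExpApplet().register();
    }
    private ModExpApplet() {
        // Allocate once here: Java Card has no guaranteed garbage collection,
        // so objects created per APDU in process() eventually exhaust memory.
        key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_1024, false);
        cipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false);
        op = JCSystem.makeTransientByteArray(LEN, JCSystem.CLEAR_ON_DESELECT);
    }
    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        short len = apdu.setIncomingAndReceive();
        // Lc is unsigned: mask it, since (short) buf[OFFSET_LC] is negative for 0x80.
        if (len < 1 || len > LEN || len != (short) (buf[ISO7816.OFFSET_LC] & 0xFF))
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        // Operands are big-endian and right-aligned: left-pad with zeros to LEN.
        Util.arrayFillNonAtomic(op, (short) 0, LEN, (byte) 0);
        Util.arrayCopyNonAtomic(buf, ISO7816.OFFSET_CDATA, op, (short) (LEN - len), len);
        try {
            switch (buf[ISO7816.OFFSET_INS]) {
            case INS_SET_P: key.setModulus(op, (short) 0, LEN); break;
            case INS_SET_X: key.setExponent(op, (short) 0, LEN); break;
            case INS_EXP:                            // op = G, result = G^x mod P
                cipher.init(key, Cipher.MODE_DECRYPT);
                short n = cipher.doFinal(op, (short) 0, LEN, buf, (short) 0);
                apdu.setOutgoingAndSend((short) 0, n);
                break;
            default: ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
            }
        } catch (CryptoException e) {                // report the reason, not a bare 6F00
            ISOException.throwIt((short) (0x6F00 | e.getReason()));
        }
    }
}
```

RSA without padding expects the input `G` to be numerically smaller than `P`, and a card may refuse a modulus that does not fill all 128 bytes, which is why the comments ask for a very large `P`.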