DiffieHellman doesn’t generate keys after setting a key
const dh = crypto.createDiffieHellman(1024);
//set private key to 2
dh.setPrivateKey(Buffer.from("02", 'hex'));
//outputs 02 (as expected)
console.log(dh.getPrivateKey().toString('hex'));
//generate random private key
dh.generateKeys();
//outputs 02: zero day.
console.log(dh.getPrivateKey().toString('hex'));
OpenSSL (https://github.com/majek/openssl/blob/master/crypto/dh/dh_key.c) doesn’t generate keys when they’re already instantiated:
if (dh->priv_key == NULL)
{
priv_key=BN_new();
if (priv_key == NULL) goto err;
generate_new_key=1;
}
else
priv_key=dh->priv_key;
if (dh->pub_key == NULL)
{
pub_key=BN_new();
if (pub_key == NULL) goto err;
}
else
pub_key=dh->pub_key;
node:crypto should use OpenSSL correctly. Method generateKeys()
should re-instantiate OpenSSL before requesting a key, thereby avoiding the above.
DiffieHellman may be used as the basis for application level security, implications are consequently broad. E.g., key reuse can cause major problems, cryptanalysis may break confidentiality, integrity, …