DHKeyExchange/Blowfish - unexpected decryption outcome

[Creepish.longman]

I am writing a proxy that analyzes packets passed between a client and server. For simplicity, i have limited the scope of this question to the interaction between a client and server. My program can be seen as the server in this context.

Task description: a test server that handles these operations
1. on client connection:
-generate P,G, server DHPrivateKey, DHPublicKey
-generate blowfish IV
-send to client P,G, serverDHPublicKey, IV

2. on client first reply
-extract out client DH public key
-complete DH key agreement -> obtains client/server shared key
-set shared key as the blowfish key

3. on client 2nd reply
-decrypt client's msg using blowfish cipher
Task complete.


Initially i have had a problem initializing my blowfish cipher using the shared key that i have obtained. An runtime exception was thrown; InvalidKeyException - Illegal Key Size. I managed to get past that by switching to unlimited policy files.

Now that i can initialize the cipher, i tried to decrypt client's 2nd reply. The decryption carried out without any exception, but the outcome was not what i expected - in fact nonsensical.

Immediately it became clear that this "Shared key" that i have obtained isn't really shared between client and server.

Knowing that the blowfish cipher actually worked, I am left with the hypothesis that DH key exchange was not carried out properly; or the shared key might not have been obtained properly.

These are the modified(only some variable names) codes that will fit in this context.
DH Exchange

Code:

    public void DHKeyExchange(int mode) throws DHKeyExchangeException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
        BigInteger p = new BigInteger(datapool.P, 16);
        BigInteger g = new BigInteger(datapool.G, 16);
        BigInteger PublicKey = new BigInteger(datapool.ClientPublicKey, 16);
        BigInteger ServerPrivateKey = new BigInteger(datapool.ServerPrivateKey, 16);
        DHPublicKeySpec pub = new DHPublicKeySpec(PublicKey, p, g);
        DHPrivateKeySpec pri = new DHPrivateKeySpec(ServerPrivateKey, p, g);

        /***************************************************************
         * Using public key to generate PublicKey object
         * and ServerPrivateKey to generate PrivateKey object
         ***************************************************************/
        KeyFactory kfac = KeyFactory.getInstance("DiffieHellman");
        PublicKey PubKey = kfac.generatePublic(pub);
        PrivateKey PrivKey = kfac.generatePrivate(pri);

        /******************************
         * initialize agreement object
         *******************************/
        KeyAgreement agreement = KeyAgreement.getInstance("DiffieHellman");
        //initialized agreement object with private key.
        agreement.init(PrivKey);

        /*******************************
         * Complete the DH key exchange
         ******************************/
        agreement.doPhase(PubKey, true);

        datapool.SharedKey = agreement.generateSecret("Blowfish"); // a SecretKey object was generated
        //i am not sure if i should have simply obtained the secret key as bytes, but by doing that i need to go through the hassle of converting it back to a key.
    }

Blowfish Cipher

Code:

    blowfish = Cipher.getInstance("Blowfish/CFB64/NoPadding");
    blowfish.init(Cipher.DECRYPT_MODE, datapool.SharedKey, IV);
    byte[] decryptedPacket = blowfish.doFinal(encryptedPacket);

What did i do wrong to result in this error?

[Creepish.longman]

These are the possible fields where i think the error has been introduced.

1. Improper DH exchange: Secret can be generated as a SecretKey Object or array of bytes
(i used the prior. Infact i do not know which one should i actually use. generating as a bunch of bytes means that i'll be getting a binary representation of a big decimal, then i need to cast it to a Secret Key object. Isn't it same as simply generating it as a SecretKey object? On the other hand, does Cipher objects get initialized by SecretKey and Key objects only? other subclasses of Keys are refused?)

2. Incorrect casting of keys from Strings to associated Key objects.