[Botan-devel] Botan IV key incompatibility?

John Proffer jproffer at vli-dc.com
Sun Jul 1 15:16:40 EDT 2007


Hi,

While trying to do database validation, I have encountered a problem - 
it seems that Botan's AES implementation is incompatible with that used by 
PHP?  PHP needs an IV the same size as the blocksize (32 bytes), 
whereas Botan's IV only works on 16 bytes when using AES-256.  Anything 
larger (e.g. 32 bytes/256 bits).

In the following code, Botan segfaults my application at cipher->set_iv(iv);

    Botan::byte mykey[33] =  {"Uf0zFs97zUNzPzHa9z_zz!z:L=ozxz!z"};
    Botan::byte mypass[33] = {"UfzzFs97zUzzP2Ha98_az!z:L=ozxz!j"};
    Botan::SymmetricKey key(mypass,32);
    Botan::InitializationVector iv(mykey,32);
    Keyed_Filter* cipher = get_cipher("AES-256/CFB/NoPadding", ENCRYPTION);
    cipher->set_key(key);
    cipher->set_iv(iv);

Shouldn't the IV be expecting 32 bytes when declaring AES-256 as the 
cipher?  Am I calling this in the wrong order or something?

botan-devel-request at randombit.net wrote:
> Message: 1
> Date: Mon, 25 Jun 2007 11:14:43 -0400
> From: Jack Lloyd <lloyd at randombit.net>
> Subject: Re: [Botan-devel] Botan::Invalid_IV_Length segfault
> To: Botan development list <botan-devel at randombit.net>
> Message-ID: <20070625151443.GE18437 at randombit.net>
> Content-Type: text/plain; charset=us-ascii
>
> On Mon, Jun 25, 2007 at 10:54:15AM -0400, John Proffer wrote:
>   
>> Hi, I'm getting Botan::Invalid_IV_Length runtime errors.  My IV key is 
>> 32 bytes in length, and I initialize it with the following code:
>>
>> Botan::LibraryInitializer *botan_init = new Botan::LibraryInitializer(/*"secure_memory thread_safe"*/);
>> Botan::byte mykey[33] = {"9j&RgczP-%Y#z65zxp$~#U=-ftXzSHzz" };
>> Botan::byte mypass[33] = {"zfzgFsz7:zN#z2za98_a0!#:L=ozxz!z"};
>> Botan::InitializationVector iv(mypass,32);
>> Botan::SymmetricKey key(mykey,32);
>> Botan::Pipe pipe(get_cipher("AES-256/CFB/NoPadding", key, 
>> Botan::ENCRYPTION));
>>
>> application crashes at Botan::Pipe 
>> pipe(get_cipher("AES-256/CFB/NoPadding", key, Botan::ENCRYPTION));
>>
>> I tried a 16 byte key with the same result.  Am I forgetting something?
>>     
>
> AES has a 128 bit block size, so most modes (including CFB) will
> require an IV of exactly 128 bits = 16 bytes. The key can be 16, 24,
> or 32 bytes, though since you are explicitly specifying AES-256 you'll
> need to use a 256 bit / 32 byte key (if you use "AES/CFB/NoPadding",
> it would accept any valid AES key size). Also, you are not actually
> passing iv to get_cipher, and since AES in CFB mode requires one, you
> get an exception due to that (the iv parameter is optional since some
> ciphers/modes do not require it).
>
> For more control, you can also do it in steps:
>
>       Keyed_Filter* cipher = get_cipher("AES-256/CFB/NoPadding", ENCRYPTION);
>       cipher->set_key(key);
>       cipher->set_iv(iv);
>       Pipe pipe(cipher, new Base64_Encoder);
>
> However be careful to set the IV after the key, that is an important
> ordering constraint that is not enforced for you if you are doing it
> manually. It is useful to do this in cases where the cipher/key/iv are
> decided in a different place from where the processing occurs inside
> the Pipe.
>
> You can avoid hardcoding everything by using functions like
> block_size_of("AES-256") and max_keylength_of("AES-256") to query
> current implementation (for AES-256 those will be fixed at 16 and 32,
> but it makes intent clearer and will continue to work correctly if you
> switch ciphers).
>
> However I'm confused about your subject line - this certainly should
> not be causing a segmentation fault! Running your code inside a
> try/catch with a catch of std::exception that prints what(), I see
>
> Botan: IV length 0 is invalid for AES-256/CFB
>
> Outside of any try/catch, the exception unwind will walk up the stack
> and eventually call abort() or somesuch thing, but that should not
> evidence itself as a segmentation fault (though you might get a core
> dump or equivalent due to the call to abort). Can you provide more
> details on that?
>
> -Jack
>
>
>   
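Added example (not part of the thread and not Botan code): a self-contained sketch of CFB with full-block feedback, showing why the IV length follows the 16-byte AES block size while the key may be 16, 24 or 32 bytes. The names BlockFn, make_standin_block_fn and cfb_crypt are hypothetical, and the block function is a constructed stand-in, not AES.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;
// Encrypts exactly one block under an already-chosen key.
using BlockFn = std::function<Bytes(const Bytes&)>;

const size_t AES_BLOCK_BYTES = 16;  // same for AES-128, AES-192 and AES-256

// Constructed stand-in for the AES block function so the example builds
// without a crypto library. NOT AES and NOT secure; only its shape matters:
// a 16-, 24- or 32-byte key, and a 16-byte block in and out.
BlockFn make_standin_block_fn(const Bytes& key) {
    if (key.size() != 16 && key.size() != 24 && key.size() != 32)
        throw std::invalid_argument("key must be 16, 24 or 32 bytes");
    return [key](const Bytes& in) {
        Bytes out(in);
        uint8_t acc = 0x5a;
        for (size_t i = 0; i < out.size() * 4; ++i) {
            size_t j = i % out.size();
            acc = uint8_t((acc + key[i % key.size()]) * 31 + out[j]);
            out[j] = acc;
        }
        return out;
    };
}

// CFB with full-block feedback. The IV is the first input to the block
// function, so its length is the block size, whatever the key length.
// Output length equals input length, which is why NoPadding is usable here.
Bytes cfb_crypt(const BlockFn& E, const Bytes& iv, const Bytes& in, bool decrypt) {
    if (iv.size() != AES_BLOCK_BYTES)
        throw std::invalid_argument("IV must be exactly 16 bytes for AES in CFB mode");
    Bytes reg = iv, ks, out;
    for (size_t i = 0; i < in.size(); ++i) {
        size_t j = i % AES_BLOCK_BYTES;
        if (j == 0) ks = E(reg);            // keystream = E(IV or previous ciphertext block)
        out.push_back(in[i] ^ ks[j]);
        reg[j] = decrypt ? in[i] : out[i];  // feedback is always the ciphertext byte
    }
    return out;
}
```

A 32-byte IV is rejected with an exception before any data is processed, so the caller can catch std::exception and read what() as suggested in the reply above.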