[Botan-devel] Botan::Invalid_IV_Length segfault

Jack Lloyd lloyd at randombit.net
Mon Jun 25 11:14:43 EDT 2007

On Mon, Jun 25, 2007 at 10:54:15AM -0400, John Proffer wrote:
> Hi, I'm getting Botan::Invalid_IV_Length runtime errors.  My IV key is 
> 32 bytes in length, and I initialize it with the following code:
> Botan::LibraryInitializer *botan_init = new Botan::LibraryInitializer(/*"secure_memory thread_safe"*/);
> Botan::byte mykey[33] = {"9j&RgczP-%Y#z65zxp$~#U=-ftXzSHzz" };
> Botan::byte mypass[33] = {"zfzgFsz7:zN#z2za98_a0!#:L=ozxz!z"};
> Botan::InitializationVector iv(mypass,32);
> Botan::SymmetricKey key(mykey,32);
> Botan::Pipe pipe(get_cipher("AES-256/CFB/NoPadding", key, 
> Botan::ENCRYPTION));
> application crashes at Botan::Pipe 
> pipe(get_cipher("AES-256/CFB/NoPadding", key, Botan::ENCRYPTION));
> I tried a 16 byte key with the same result.  Am I forgetting something?

AES has a 128 bit block size, so most modes (including CFB) will
require an IV of exactly 128 bits = 16 bytes. The key can be 16, 24,
or 32 bytes, though since you are explicitly specifying AES-256 you'll
need to use a 256 bit / 32 byte key (if you use "AES/CFB/NoPadding",
it would accept any valid AES key size). Also, you are not actually
passing iv to get_cipher, and since AES in CFB mode requires one, you
get an exception due to that (the iv paramater is optional since some
ciphers/modes do not require it).

For more control, you can also do it in steps:

      Keyed_Filter* cipher = get_cipher("AES-256/CFB/NoPadding", ENCRYPTION);
      Pipe pipe(cipher, new Base64_Encoder);

However be careful to set the IV after the key, that is an important
ordering constraint that is not enforced for you if you are doing it
manually. It is useful to do this in cases where the cipher/key/iv are
decided in a different place from where the processing occurs inside
the Pipe.

You can avoid hardcoding everything by using functions like
block_size_of("AES-256") and max_keylength_of("AES-256") to query
current implemtation (for AES-256 those will be fixed at 16 and 32,
but it makes intent clearer and will continue to work correctly if you
switch ciphers).

However I'm confused about your subject line - this certainly should
not be causing a segmentation fault! Running your code inside a
try/catch with a catch of std::exception that prints what(), I see

Botan: IV length 0 is invalid for AES-256/CFB

Outside of any try/catch, the exception unwind will walk up the stack
and eventually call abort() or somesuch thing, but that should not
evidence itself as a segmentation fault (though you might get a core
dump or equivalent due to the call to abort). Can you provide more
details on that?


More information about the botan-devel mailing list