[Botan-devel] Botan 64-bit on Solaris

Rickard Bondesson Rickard.Bondesson at iis.se
Wed Jan 7 05:17:13 EST 2009


> TBH this sounds a lot like a compiler bug - have you tried 
> compiling the 64-bit version with all optimizations disabled? 
> Also, is the test suite passing? Sorry, I have a feeling I've 
> asked this before but in the intervening week+ I've been 
> pretty distracted.

All checks are OK

> How are you checking the length of the p/q variables? 
> Certainly a 768 bit RSA key should have 48 byte p/q values in 
> all cases.

This function saves the BigInt in the database via a byte array.

  void SoftDatabase::saveAttributeBigInt(int objectID, CK_ATTRIBUTE_TYPE type, BigInt *bigNumber) {
    CK_ULONG size = bigNumber->bytes();
    CK_VOID_PTR buf = (CK_VOID_PTR)malloc(size);

    bigNumber->binary_encode((byte *)buf);

    this->saveAttribute(objectID, type, buf, size);
    free(buf);
  }

This function is called via these lines:

  // The RSA modulus bits
  IF_Scheme_PrivateKey *ifKeyPriv = dynamic_cast<IF_Scheme_PrivateKey*>(rsaKey);
  BigInt bigNumber = ifKeyPriv->get_n();
  CK_ULONG bits = bigNumber.bits();
  this->saveAttribute(objectID, CKA_MODULUS_BITS, &bits, sizeof(bits));

  // The RSA modulus
  this->saveAttributeBigInt(objectID, CKA_MODULUS, &bigNumber);

  // The RSA public exponent
  bigNumber = ifKeyPriv->get_e();
  this->saveAttributeBigInt(objectID, CKA_PUBLIC_EXPONENT, &bigNumber);

  // The RSA private exponent
  bigNumber = ifKeyPriv->get_d();
  this->saveAttributeBigInt(objectID, CKA_PRIVATE_EXPONENT, &bigNumber);

  // The RSA prime p
  bigNumber = ifKeyPriv->get_p();
  this->saveAttributeBigInt(objectID, CKA_PRIME_1, &bigNumber);

  // The RSA prime q
  bigNumber = ifKeyPriv->get_q();
  this->saveAttributeBigInt(objectID, CKA_PRIME_2, &bigNumber);

But it does not function correctly in 64-bit mode as I mentioned (Reusing of the bigNumber variable.). The conversion to the byte array thinks that the BigInts (p and q) are smaller than they actual are when running in 64-bit mode. It works if I change the lines above to:

  // The RSA modulus bits
  IF_Scheme_PrivateKey *ifKeyPriv = dynamic_cast<IF_Scheme_PrivateKey*>(rsaKey);
  BigInt bigMod = ifKeyPriv->get_n();
  CK_ULONG bits = bigMod.bits();
  this->saveAttribute(objectID, CKA_MODULUS_BITS, &bits, sizeof(bits));

  // The RSA modulus
  this->saveAttributeBigInt(objectID, CKA_MODULUS, &bigMod);

  // The RSA public exponent
  BigInt bigExp = ifKeyPriv->get_e();
  this->saveAttributeBigInt(objectID, CKA_PUBLIC_EXPONENT, &bigExp);

  // The RSA private exponent
  BigInt bigPrivExp = ifKeyPriv->get_d();
  this->saveAttributeBigInt(objectID, CKA_PRIVATE_EXPONENT, &bigPrivExp);

  // The RSA prime p
  BigInt bigPrime1 = ifKeyPriv->get_p();
  this->saveAttributeBigInt(objectID, CKA_PRIME_1, &bigPrime1);

  // The RSA prime q
  BigInt bigPrime2 = ifKeyPriv->get_q();
  this->saveAttributeBigInt(objectID, CKA_PRIME_2, &bigPrime2);

Anyway.... Will be running the code as the last lines.

The 64-bit version gave significantly improved signing speeds. Great!

// Rickard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20090107/a7521dfa/attachment.sig>


More information about the botan-devel mailing list