From stuart at apl.washington.edu Thu May 1 13:56:20 2014
From: stuart at apl.washington.edu (Stuart Maclean)
Date: Thu, 01 May 2014 10:56:20 -0700
Subject: [botan-devel] Possible to rsa encrypt a zero ?
Message-ID: <53628AC4.2070705@apl.washington.edu>

I am playing with a session key exchange using RSA, I am using Botan
1.8.10 in Linux.

In testing, I initially set my session key of 32 bytes to all zeros.
This failed to encrypt, I get a Botan error

  terminate called after throwing an instance of 'Botan::Invalid_Argument'
  what(): Botan: Power_Mod::set_base: arg must be > 0
  Aborted (core dumped)

I am wondering if this is a bug or whether you simply cannot set the
message 'm' to zero and expect m^e mod n to work?? Here's the code used
to produce the error above:

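#include <botan/botan.h>
#include <botan/rsa.h>
#include <cstring>

using namespace Botan;

LibraryInitializer init;

int main( int argc, char* argv[] ) {
  // deliberate random/undefined: the modulus is whatever is on the stack
  char n[512];
  const BigInt mod = BigInt::decode( (byte*)n, 512 );
  RSA_PublicKey* kPub = new RSA_PublicKey( mod, 65537 );

  char sessionKey[32];
  if( 1 )
    memset( sessionKey, 0, 32 );  // all-zero message: triggers the exception

  AutoSeeded_RNG rng;
  // raw RSA, no padding; throws Invalid_Argument for the all-zero buffer
  SecureVector<byte> c = kPub->encrypt( (byte*)sessionKey, 32, rng );
}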

NOT memsetting the sessionkey buffer to zero, which will result in
undefined data in sessionkey (from the stack) somehow 'fixes' the issue.

Anyone care to comment on this?

Thanks
Stuart

From lloyd at randombit.net Thu May 1 15:53:58 2014
From: lloyd at randombit.net (Jack Lloyd)
Date: Thu, 1 May 2014 15:53:58 -0400
Subject: [botan-devel] Possible to rsa encrypt a zero ?
In-Reply-To: <53628AC4.2070705@apl.washington.edu>
References: <53628AC4.2070705@apl.washington.edu>
Message-ID: <20140501195358.GA2927@randombit.net>
On Thu, May 01, 2014 at 10:56:20AM -0700, Stuart Maclean wrote:
> I am playing with a session key exchange using RSA, I am using Botan 1.8.10
> in Linux.
>
> In testing, I initially set my session key of 32 bytes to all zeros. This
> failed to encrypt, I get a Botan error
>
> terminate called after throwing an instance of 'Botan::Invalid_Argument'
> what(): Botan: Power_Mod::set_base: arg must be > 0
> Aborted (core dumped)
>
> I am wondering if this is a bug or whether you simply cannot set the message
> 'm' to zero and expect m^e mod n to work??

Well, I suppose it would 'work' in the sense that 0^e mod n equals 0
and 0^d mod n will return the plaintext 0, so RSA is in fact still
invertible in this case, but isn't a particularly useful case either.
Strictly speaking obviously modular exponentiation is defined for any
integer base, but in practice a number <= zero would never happen here
outside of a bug.

> NOT memsetting the sessionkey buffer to zero, which will result in undefined
> data in sessionkey (from the stack) somehow 'fixes' the issue.

That makes sense as likely at least one bit is then set in the buffer,
resulting in encrypting a positive integer.

Please do consider using a padding scheme such as OAEP (called EME1
in most releases for obscure reasons - see doc/examples/rsa_enc.cpp
for example usage) as RSA encrypting raw bitstrings in this manner has
a number of nasty pitfalls. In fact more recent versions remove the
encrypt() operation on RSA keys entirely, as it was intended only for
implementing higher-level operations and not directly for use by
applications. As these padding schemes add both structure and some
level of randomization it ensures that even an all-zero string is
represented as some positive integer, so that encryption works
normally for any message, even an empty/all-zero one.

Cheers,
Jack
From mjuszkiewicz at redhat.com Mon May 12 08:00:23 2014
From: mjuszkiewicz at redhat.com (Marcin Juszkiewicz)
Date: Mon, 12 May 2014 14:00:23 +0200
Subject: [botan-devel] [PATCH] Add AArch64 support
Message-ID: <5370B7D7.1020702@redhat.com>
Attached patch adds basic support for AArch64 (64-bit ARM) architecture.
Enough to get it built.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: botan-aarch64.patch
Type: text/x-diff
Size: 377 bytes
Desc: not available
URL: