You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem?
1. Download rsa_test.go (attached, credit to wrtp from #go-nuts for writing it) into
$GOROOT/src/pkg/crypto/rsa
- File includes 1 test case and a method, TestEncryptOAEP2
- TestEncryptOAEP2 runs an infinite loop trying to encrypt random, short messages and testing the length of the encrypted result.
- The same effect can be achieved by using random seeds on a fixed message (I think)
2. Run gotest
3. Wait for error
What is the expected output?
Loops indefinitely, no error
What do you see instead?
gotest fails in under a minute
Which compiler are you using (5g, 6g, 8g, gccgo)?
6g
Which operating system are you using?
Ubuntu Linux
Which revision are you using? (hg identify)
1d32c7df56c8+ tip
Why this may be important: When attempting to encrypt more than ((pub.N.BitLen() + 7) /
8 - 2*hash.Size()-2) bytes, the result of subsequent calls to rsa.EncryptOAEP over
smaller slices of data can be appended to each other to form the resulting data (I
believe this is considered secure). A non-constant output length creates programming
overhead for programmers, presenting them with two solutions:
* Account for the behaviour by associating "block length" information with each encrypted block, or
* Manually pad-out the encryption result to the expected length
Further Information: The C implementation of RSAES-OAEP at
http://www.rsa.com/products/bsafe/documentation/cryptoc_621_dev_guide/group__AD__CRC__OAEP.html
seems to use a constant blockLength, so it seems that a constant length is
"expected behaviour" according to RSA
Workaround: prepend the resulting encrypted data block with the difference between
expected and actual length of output data.
eg: encrypted = append(make([]byte, expectedLen - len(encrypted)), encrypted). In
practice, it seems that this difference is up to 1 byte.
PS: I hope this bug report is informative and useful, if I could have improved it,
please let me know.
mikioh
changed the title
rsa.EncryptOAEP returning data with unexpected/inconsistent length
crypto/rsa: EncryptOAEP returning data with unexpected/inconsistent length
Jan 14, 2015
by reuben.bond:
Attachments:
The text was updated successfully, but these errors were encountered: