Abstract:
The method AESDecryptBuffer() in AESCrypt.c performs public key RSA encryption without OAEP padding, thereby making the encryption weak.
Explanation:
In practice, encryption with an RSA public key is usually combined with a padding scheme. The purpose of the padding scheme is to prevent a number of attacks on RSA that only work when the encryption is performed without padding.
Example 1: The following code performs encryption using an RSA public key without using a padding scheme:
void encrypt_with_rsa(BIGNUM *out, BIGNUM *in, RSA *key) {
    u_char *inbuf, *outbuf;
    int ilen, len;
    ...
    /* Serialize the plaintext BIGNUM into a big-endian byte buffer. */
    ilen = BN_num_bytes(in);
    inbuf = xmalloc(ilen);
    BN_bn2bin(in, inbuf);
    /* RSA_NO_PADDING: raw RSA, no padding scheme applied. */
    if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, RSA_NO_PADDING)) <= 0) {
        fatal("encrypt_with_rsa() failed");
    }
    ...
}
This category was derived from the Cigital Java Rulepack.
Recommendations:
In order to use RSA securely, OAEP (Optimal Asymmetric Encryption Padding) must be used when performing encryption.
Example 2: The following code performs encryption with an RSA public key using OAEP padding:
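void encrypt_with_rsa(BIGNUM *out, BIGNUM *in, RSA *key) {
    u_char *inbuf, *outbuf;
    int ilen, len;
    ...
    /* Serialize the plaintext BIGNUM into a big-endian byte buffer. */
    ilen = BN_num_bytes(in);
    inbuf = xmalloc(ilen);
    BN_bn2bin(in, inbuf);
    /* RSA_PKCS1_OAEP_PADDING: OAEP encoding is applied before the RSA operation. */
    if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, RSA_PKCS1_OAEP_PADDING)) <= 0) {
        fatal("encrypt_with_rsa() failed");
    }
    ...
}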