Bug 615372 - botan implements elliptic curve crypto
botan implements elliptic curve crypto
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: botan (Show other bugs)
rawhide
All Linux
low Severity high
: ---
: ---
Assigned To: Thomas Moschny
Fedora Extras Quality Assurance
: FutureFeature, Reopened
Depends On:
Blocks: FE-Legal ecc
  Show dependency treegraph
 
Reported: 2010-07-16 11:54 EDT by Michal Schmidt
Modified: 2015-09-11 10:55 EDT (History)
13 users (show)

See Also:
Fixed In Version: botan-1.8.9-4.el5
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-11 10:55:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
list of botan modules (7.07 KB, text/plain)
2010-07-17 06:09 EDT, Thomas Moschny
no flags Details

  None (edit)
Description Michal Schmidt 2010-07-16 11:54:16 EDT
In botan the files in src/pubkey/ec* seem to be an implementation of elliptic curves algorithms. EC is carefully removed from the openssl package in Fedora because of possible patent issues. It should be removed from botan too.
There may be other issues. Blocking FE-Legal.
Comment 1 Thomas Moschny 2010-07-16 12:48:29 EDT
Already talked with spot this week about this issue.

There might be more algorithms in Botan that need to be removed. I'll prepare a list for review (basically http://botan.randombit.net/algos.html, need to check the tarball to see whether it is uptodate).

Note though, that with respect to ECC patents, the author of Botan, Jack Lloyd, pointed me to  http://tools.ietf.org/id/draft-mcgrew-fundamental-ecc-03.txt and says: "... The IETF is publishing a reference soon that specifically gives a set of ECC algorithms over GF(p) all referencing prior art that puts the techniques described well out of the patent lifetime window [...] Hopefully that will alleviate some of the concerns eventually... (I am avoiding GF(2^m) ECC in botan specifically because that is where most of the active patents are right now)."
Comment 2 Thomas Moschny 2010-07-17 06:09:11 EDT
Created attachment 432556 [details]
list of botan modules

List of all modules in the Botan 1.8.9 (stable) tarball, generated from the info.txt files within the tarball itself.
Comment 3 Tom "spot" Callaway 2010-07-28 09:35:12 EDT
Thomas, currently all ECC algorithms are not permitted in Fedora. We will revisit the issue when and if the IETF reference containing documented prior art for specific algorithms is published.
Comment 4 Bug Zapper 2010-07-30 08:37:31 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Thomas Moschny 2010-08-04 13:09:08 EDT
Built botan-1.8.9-2.fc15 (057bdc15..) in rawhide.

The following modules have been removed.

 * Block Ciphers
   * IDEA [src/block/idea]
   * RC6 [src/block/rc6]
 * Public Key Base
   * ECC Public Key [src/pubkey/ecc_key]
   * ECC Domain Parameters [src/pubkey/ec_dompar]
   * ECDSA [src/pubkey/ecdsa]
   * ECKAEG [src/pubkey/eckaeg]
 * Math
   * GF(p) Math [src/math/gfpmath]

What about these block ciphers:

 * RC5 [src/block/rc5]
 * MISTY-1 [src/block/misty1]

Do they have to be removed, too?

And what about the other branches?
Comment 6 Tom "spot" Callaway 2010-08-23 08:27:52 EDT
MISTY-1 is fine, but RC5 is not. Please remove RC5.

As to other active branches, if they are including any of the modules listed above, then an update needs to be pushed which removes them.
Comment 7 Fedora Update System 2010-08-30 18:11:55 EDT
botan-1.8.9-4.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc12
Comment 8 Fedora Update System 2010-08-30 18:12:01 EDT
botan-1.8.9-4.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc13
Comment 9 Fedora Update System 2010-08-30 18:12:05 EDT
botan-1.8.9-4.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc14
Comment 10 Fedora Update System 2010-08-30 18:29:48 EDT
botan-1.8.9-4.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/botan-1.8.9-4.el5
Comment 11 Thomas Moschny 2010-08-30 18:35:42 EDT
Additionally removed RC5 in botan-1.8.9-4.fc15.
Comment 12 Fedora Update System 2010-08-31 02:32:31 EDT
botan-1.8.9-4.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update botan'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc13
Comment 13 Fedora Update System 2010-08-31 21:03:09 EDT
botan-1.8.9-4.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update botan'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/botan-1.8.9-4.el5
Comment 14 Fedora Update System 2010-09-08 21:15:48 EDT
botan-1.8.9-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2010-09-08 21:19:47 EDT
botan-1.8.9-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2010-09-09 00:37:05 EDT
botan-1.8.9-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2010-09-16 12:29:08 EDT
botan-1.8.9-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Zooko O'Whielacronx 2011-02-14 02:02:05 EST
(In reply to comment #3)
> Thomas, currently all ECC algorithms are not permitted in Fedora. We will
> revisit the issue when and if the IETF reference containing documented prior
> art for specific algorithms is published.

This is now published as RFC 6090:

https://datatracker.ietf.org/doc/rfc6090/
Comment 19 Thomas Moschny 2011-02-18 07:40:43 EST
So, I'd like to reopen the bug, and kindly ask you (resp. RH Legal) to revisit the case.

I asked Jack Lloyd (author of Botan):

"[...] Just to get that right (I'm no crypto expert): Can I explain to RH Legal (i.e. quote you), that in Botan, you are only using/implementing elliptic curve cryptography algorithms that are described in that RFC?"

And got this reply:

"Hi Thomas,

I suppose that is somewhat up for interpretation - for instance botan uses Jacobi coordinates rather than homogeneous coordinates; the RFC mentions Jacobi as an alternative and provides a 1986 reference on their use. Due to the choice of Jacobi coordinates, botan also uses different formula for point addition and subtraction than the one in the RFC; the specific formualas used were published in the research literature in the 1980s.

I am not aware of any current patent which seems to have any potential of covering any of the ECC techniques in botan. I intentionally avoid GF(2^n) curves, MQV, and any implementation technique published after about 1990 for this reason.

But I obviously cannot guarantee anything to anyone about the patent status of anything in botan, given the sheer insanity of the patent system we are operating under. If RH legal knows about any specific patent they think might be an issue, they should feel free to point it out.

-Jack"
Comment 20 Zooko O'Whielacronx 2011-03-02 10:20:27 EST
It sounds like to me that at this point the burden of proof has shifted to anyone who still thinks there is a patent risk here. All evidence points to there being no patent risk. If there is further evidence that should influence our behavior, let's see it. If not, let's stop removing the elliptic curve crypto from this package.
Comment 21 Tom "spot" Callaway 2011-03-02 10:33:17 EST
Zooko, you know quite well that it doesn't work that way, especially wrt patents.

Let's stop grandstanding on bugzilla, please? This is in my todo list.
Comment 22 Zooko O'Whielacronx 2011-03-02 11:21:43 EST
Gee, I didn't mean to offend. I actually don't know what you are talking about with respect to "how things work" with patents, and I also didn't know that you had an item in your todo list and I still don't know what that item is.

I thought suggesting action might be a good way to make forward progress instead of protracted discussion. Please accept my apologies if this was inappropriate.

Please consider this a request for information: is there something that we don't know about the patent situation? What is the item on your todo list? Is there something that I or someone else can do to help?

Thanks!

Regards,

Zooko
Comment 23 Tom "spot" Callaway 2011-03-02 11:45:35 EST
I don't need any additional information at this time, nor is there anything that you (or anyone in the community) can do to help. I have to discuss this with Red Hat.
Comment 24 Zooko O'Whielacronx 2011-03-02 12:06:54 EST
Possibly also relevant: DJB's list of patents and prior art:

http://cr.yp.to/ecdh/patents.html

It is focussed on his Curve25519, but much of it applies to other elliptic curve systems too, I think.
Comment 25 Zooko O'Whielacronx 2011-03-02 12:07:16 EST
(In reply to comment #23)
> I don't need any additional information at this time, nor is there anything
> that you (or anyone in the community) can do to help. I have to discuss this
> with Red Hat.

Okay, I look forward to your results.
Comment 26 Zooko O'Whielacronx 2011-05-03 15:06:25 EDT
Hi spot!

I don't mean to hassle you, but is there a timeline after which I can come back and ask you what Red Hat had to say? Or some signal that I can watch for?

I am planning future cryptography projects and more transparency about this issue would be helpful.

Regards,

Zooko
Comment 27 Tom "spot" Callaway 2011-05-03 15:49:37 EDT
As a general rule, you will never get transparency about issues involving patents.

So, no, there is no timeline, but this issue is still being investigated.
Comment 28 Fedora End Of Life 2013-04-03 16:18:08 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 29 Scott Schmit 2013-10-15 06:40:50 EDT
This may now be a non-issue. See bug #319901.
Comment 30 Ruben Kerkhof 2014-12-23 06:49:58 EST
Thomas, any reason why botan still ships without ECC?
I'd like to enable botan support in PowerDNS
Comment 31 Thomas Moschny 2015-01-02 12:46:01 EST
Sorry, somehow forgot about it. Will have a look at this again soon.
Comment 32 Fedora Update System 2015-02-26 14:08:42 EST
botan-1.10.9-4.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/botan-1.10.9-4.el7
Comment 33 Fedora Update System 2015-02-26 14:08:52 EST
botan-1.10.9-4.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/botan-1.10.9-4.fc20
Comment 34 Fedora Update System 2015-02-26 14:09:00 EST
botan-1.10.9-4.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/botan-1.10.9-4.fc21
Comment 35 Fedora Update System 2015-03-09 04:29:37 EDT
botan-1.10.9-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 36 Fedora Update System 2015-03-09 04:32:34 EDT
botan-1.10.9-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 37 Fedora Update System 2015-03-14 20:58:52 EDT
botan-1.10.9-4.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.