-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
opencryptoki vulnerable to the Marvin Attack #731
Comments
The attached archive contain a C program gathering duration of RSA decryption and test.sh is a shell script doing a system setup and verifying the functionality. For the actual analysis I had:
|
And a slightly more graphical representation of the results: @opencryptoki will you assign a CVE for this, or should we ask for one? |
@tomato42 How is the Marvin attack different to the RSA PKCS #1.5 timing attack we worked on some time ago (it was regarding the IBMCA provider back then)? I wonder because I did spend quite an effort to harden Opencryptoki against those kind of timing attacks on RSA private key operations back then as well. See commits @kkaarreell can you please check if those commits are part of the OpenCryptoki level you are using? They are all in the upstream 3.21.0 release. |
@ifranzki , i have checked and confirmed that those commits are part of the OpenCryptoki level @kkaarreell is using. |
Yes, these are present. I will also do the testing with opencryptoki-3.22.0 and post an update here later. |
@ifranzki it's the same attack. I don't know why it's visible despite those patches, likely something was still missed. Unfortunately, the best advice I have for figuring out where the leakage is coming from is to follow the approach documented in https://securitypitfalls.wordpress.com/2023/09/29/debugging-timing-side-channel-leaks/ |
Actually, this is incorrect: opencryptoki/usr/lib/common/mech_rsa.c Lines 363 to 371 in 239fefc
You need to use algorithm from RSA_padding_check_PKCS1_type_2(), NOT from ossl_rsa_padding_check_PKCS1_type_2() |
@kkaarreell Could you please give it a try with the commit from #732 ? This should apply clean on 3.21.0 as well. |
@ifranzki we have rather noisy s390x machines (no dedicated cores), running the test on a system without CPU overcommitting will provide actionable results much quicker |
I've just configured two systems, one with opencryptoki-3.22.0 and another one with opencryptoki-3.22.0+patch from #732. It will take ~2 days to get measurements for ciphers.bin from the original report. |
I will definitively setup the tests on one of my machine as well. However, this will take a bit time to setup and verify. Also I will be on vacation for the next 2 weeks, returning in the first week of January. So I won't be able to produce any measurements myself until then. @kkaarreell Thanks for running it. Looking forward to see the results :-) |
How many samples have that been? 2000000 like in your instructions above? |
Yes. This is the value used in the script, it uses 12 different configurations for each "iteration" so in the end we have 12x2000000 encrypted messages. |
I have finished my own run with 2000000 iterations with the patched opencryptoki-3.22.0 on a IBM z16 LPAR.
|
5 times better results (smaller CI) when running on more quiet system is expected. Karel would have to run 18 times larger sample to get similar confidence interval While 6.6ns is quite good, I would recommend to get it to the 1ns range, which will require about 36 times as much data (around 72 million total), before saying it's "definitely fixed" Remember to generate new set of ciphertexts for every run, and use the |
I was testing on ICA token. Is dealing with other type of tokens different codewise? Should we test them separately? I can test swtoken but I am not sure it makes sense. |
I was measuring on ICA token, too. The code in question (which is affected by the fix in #732) is used by both, the soft token and the ICA token. So without the fix you should see the same leaks on the soft token, but the fix fixes both, the ICA and the soft token. The other tokens (CCA, EP11) are secure key tokens and the complete RSA decrypt operation (including unpadding) is performed inside the crypto cards. So this is out of scope for Opencryptoki. |
No. You still have to pass the error and returned byte array in constant time, if you don't then opencryptoki will create a side-channel. That's part of the CVE-2023-5992 in OpenSC |
Right, I am aware about this and the opencryptoki code does it that way. |
Have you tested it? |
Yes, I did run dudect (https://github.com/oreparaz/dudect) based tests against it, comparing the timing of an invalid padding versus a valid padding. |
I wouldn't trust dudect to detect small side channels: oreparaz/dudect#27 |
I have done analysis on a bigger sample (11 samples each of size 12x2000000 combined), gathered on two test systems.
|
I have merged PR #732 for now. |
I have implemented implicit rejection in PR #737. With this the following was measured using data produced by
|
What's the CVE number for this? |
CVE-2024-0914 has been allocated. |
I've verified that opencryptoki is vulnerable to the Marvin Attack—a timing variant of the well-known Bleichenbacher attack.
I've executed the test on RHEL-9, using opencryptoki opencryptoki-3.21.0, on a ICA token and openssl-3.0.7-18.el9_2 . I will attach the reproducer shortly. The testing and analysis has been executed using the marvin-toolkit.
The test summary:
According to Hubert Kario:
I am attaching an archive with the report and will kindly ask tomato42 to provide more detailed explanation.
The text was updated successfully, but these errors were encountered: