
Add support for constant-time decryption of PKCS#1 v1.5-encoded session keys #1445

Merged (8 commits) on Jan 19, 2022



@larabr larabr commented Dec 1, 2021

Implement optional constant-time decryption flow to hinder Bleichenbacher-like attacks against RSA- and ElGamal public-key encrypted session keys.


  • Add config.constantTimePKCS1Decryption to enable the constant-time processing (defaults to false). The constant-time option is off by default since it has measurable performance impact on message decryption, and it is only helpful in specific application scenarios (more info below).
  • Add config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms (defaults to the AES algorithms). The set of supported ciphers is restricted by default since the number of algorithms negatively affects performance.

Bleichenbacher-like attacks are of concern for applications where both of the following conditions are met:

  1. new/incoming messages are automatically decrypted (without user interaction);
  2. an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).

@@ -473,11 +476,14 @@ async function nodeDecrypt(data, n, e, d, p, q, u) {
try {
return new Uint8Array(nodeCrypto.privateDecrypt(key, data));
} catch (err) {
if (randomPayload) {
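Review bot: the `if (randomPayload)` branch sits inside `catch (err)`, so it is only reached after `nodeCrypto.privateDecrypt(key, data)` has already rejected the padding and thrown; if `key` requests PKCS#1 v1.5 padding, the success path and the substitute-random-payload path still differ by an exception being raised and caught, which is the timing signal this option exists to hide, and the bare `catch (err)` also swallows failures unrelated to padding (malformed `key` or `data`) and would turn them into a plausible-looking random session key. Suggest, when `randomPayload` is set, calling `privateDecrypt` with `padding: nodeCrypto.constants.RSA_NO_PADDING` and running the constant-time EME-PKCS1 decode on the raw output so the error path is never taken, or at minimum a comment stating why the throw/catch path is accepted here and rethrowing errors that are not padding failures.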
@larabr larabr Dec 1, 2021


This is not ideal, but I don't think we can do better than this

@larabr larabr requested a review from twiss Dec 1, 2021
src/crypto/pkcs1.js: review thread (outdated, resolved)
src/packet/public_key_encrypted_session_key.js: review thread (outdated, resolved)
larabr and others added 2 commits Dec 2, 2021
Co-authored-by: Daniel Huigens <>
twiss approved these changes Dec 2, 2021

2 participants