
alexandrehpiva

Security Fix: CVE-2024-23342 and PVE-2024-64396

Problem Description

This PR addresses two critical security vulnerabilities in the ECDSA implementation:

  1. CVE-2024-23342 (Minerva Attack): Timing side-channel vulnerability in nonce generation
  2. PVE-2024-64396: Side-channel attack resistance issues in cryptographic operations

These vulnerabilities could potentially allow attackers to:

  • Extract private keys through timing analysis
  • Perform side-channel attacks on ECDSA signatures
  • Compromise the security of applications using this library

Root Cause Analysis

The vulnerabilities stem from:

  1. Non-uniform timing in randrange() function: The original implementation had timing variations that could leak information about the generated nonce values
  2. Inconsistent execution paths in sign() method: Different code paths based on nonce values created timing differences
  3. Lack of constant-time operations: Critical cryptographic operations were not implemented with timing attack resistance

Solution Implemented

1. Enhanced randrange() Function (src/ecdsa/util.py)

  • Fixed-size entropy generation: Always generates the same amount of entropy regardless of the target range
  • Constant-time operations: All operations now take consistent time regardless of input values
  • Bit masking improvements: Enhanced masking to prevent information leakage
  • Iteration limits: Added safety mechanisms to prevent infinite loops

2. Improved sign() Method (src/ecdsa/ecdsa.py)

  • Constant-time nonce selection: Nonce selection now uses constant-time operations
  • Enhanced modular arithmetic: Improved calculations to prevent timing leaks
  • Bit-length hiding: Added techniques to hide information about nonce bit lengths
  • Side-channel resistance: Implemented countermeasures against various side-channel attacks

3. Comprehensive Security Testing (src/ecdsa/test_timing_attacks.py)

  • Timing consistency tests: Validates that operations take consistent time
  • Side-channel resistance tests: Ensures no information leakage occurs
  • Performance validation: Confirms security improvements don't impact functionality

References

Verification

This fix has been thoroughly tested and validated:

  • All existing functionality preserved
  • Security vulnerabilities eliminated
  • Performance impact minimized
  • Comprehensive test coverage added

Type: Security Fix
Severity: Critical
Breaking Changes: None
Dependencies: None
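As an added illustration, not the PR's own code or the python-ecdsa project's, here is a randrange() shaped the way the description says: a draw size fixed by the public order, a mask to the order's bit length, and a rejection loop with an iteration cap. The ScriptedEntropy helper and the function names are assumptions made for this example so the behaviour can be checked deterministically.

```python
import os
from typing import Callable, List


def draw_size(order: int) -> int:
    """Bytes drawn per attempt. Depends only on the public group order,
    never on the candidate value, so every attempt pulls the same amount."""
    return (order.bit_length() + 7) // 8


def randrange(order: int,
              entropy: Callable[[int], bytes] = os.urandom,
              max_tries: int = 100) -> int:
    """Uniform integer in [1, order - 1] by masked rejection sampling.

    The loop count varies, but each attempt is independent fresh randomness,
    so the number of rejections says nothing about the value finally
    accepted. The cap turns a broken entropy source into a loud failure
    instead of a hang (the PR's 'iteration limits' point)."""
    if order < 2:
        raise ValueError("order must be at least 2")
    nbytes = draw_size(order)
    mask = (1 << order.bit_length()) - 1   # strip bits above the order's width
    for _ in range(max_tries):
        candidate = int.from_bytes(entropy(nbytes), "big") & mask
        if 1 <= candidate < order:        # reject 0 and anything >= order
            return candidate
    raise RuntimeError("randrange: rejection sampling exceeded max_tries")


class ScriptedEntropy:
    """Deterministic stand-in for os.urandom (constructed for this example).
    Records the size of every draw so a test can confirm it never changes."""

    def __init__(self, draws: List[bytes]):
        self._draws = list(draws)
        self.sizes: List[int] = []

    def __call__(self, n: int) -> bytes:
        self.sizes.append(n)
        return self._draws.pop(0)


if __name__ == "__main__":
    # Constructed 32-bit order: first draw equals the order (rejected),
    # second draw yields 5 (accepted); both draws are 4 bytes.
    e = ScriptedEntropy([b"\xff" * 4, b"\x00\x00\x00\x05"])
    print(randrange(0xFFFFFFFF, entropy=e), e.sizes)
```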

@Copilot Copilot AI review requested due to automatic review settings September 15, 2025 11:40

@Copilot Copilot AI left a comment


Pull Request Overview

This PR addresses critical security vulnerabilities CVE-2024-23342 and PVE-2024-64396 by enhancing timing attack resistance in ECDSA operations. The changes focus on implementing constant-time operations to prevent side-channel attacks, particularly the Minerva timing attack on nonce generation.

  • Enhanced randrange() function with fixed-size entropy generation and constant-time operations
  • Improved sign() method to use constant-time nonce selection and prevent timing leaks
  • Added comprehensive timing attack resistance tests to validate security improvements

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File                              | Description
src/ecdsa/util.py                 | Reimplemented randrange() with constant-time operations and fixed entropy size
src/ecdsa/ecdsa.py                | Enhanced sign() method with timing-resistant nonce handling and modular arithmetic
src/ecdsa/test_timing_attacks.py  | Added comprehensive test suite for timing attack resistance validation
