Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Marvin Attack on rsa crate #1825

Merged
merged 2 commits into from
Nov 28, 2023
Merged

Add Marvin Attack on rsa crate #1825

merged 2 commits into from
Nov 28, 2023

Conversation

tarcieri
Copy link
Member

@tarcieri tarcieri commented Nov 28, 2023
edited
Loading

@tarcieri tarcieri mentioned this pull request Nov 28, 2023
Open
tarcieri
tarcieri commented Nov 28, 2023
View reviewed changes
crates/rsa/RUSTSEC-0000-0000.md
A recent survey of RSA implementations found that the Rust `rsa` crate is one
of many implementations vulnerable to this attack.

No fixed version is available at this time.
Copy link
Member Author

@tarcieri tarcieri Nov 28, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm working on adding the prerequisites to crypto-bigint needed to fix this problem, but it's going to be a lot of work (it presently uses a fork of num-bigint which wasn't designed for constant-time cryptography)

Shnatsel
Shnatsel approved these changes Nov 28, 2023
View reviewed changes
Copy link
Member

@Shnatsel Shnatsel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is good to go as-is, but if you think a patched version is going to go out in a week or two I'm fine with holding it back until that is available.

@tarcieri tarcieri changed the title [WIP] Add Marvin Attack on rsa crate Add Marvin Attack on rsa crate Nov 28, 2023
@tarcieri tarcieri marked this pull request as ready for review November 28, 2023 14:03
@tarcieri
Copy link
Member Author

I'm a bit worried about publishing an advisory which has no call-to-action / mitigation. But given the potential severity, it's probably better to inform users and channel discussion to places where we can give authoritative answers, rather than having people discover it elsewhere and speculate.

A week or two might be an ambitious target for fixing this, although I have implemented most of the necessary functionality to do so in the crypto-bigint crate. That said, there's a large amount of algorithm implementation code in the rsa crate which will need to be adapted, and I expect that will take some time.

@tarcieri tarcieri merged commit b40bd2a into main Nov 28, 2023
@tarcieri tarcieri deleted the rsa/marvin-attack branch November 28, 2023 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Shnatsel Shnatsel Shnatsel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tarcieri @Shnatsel