2020-04-28 Side channel vulnerability of ECDSA key generation
- Maher Azarkan
- Yuriy Zavgorodniy
| Title | Side channel vulnerability of ECC key generation |
|---|---|
| CVE | CVE-2019-18222 |
| Hilscher Ticket | |
| Affects | Hilscher mbedTLS prior to V1.2.0.0 |
| Not affected | Hilscher mbedTLS V1.2.0.0 |
| Impact | Private key recovery, signature forging |
| CVSS | 4.7 |
| Severity | MEDIUM |
| Last modified | |
Vulnerability Description
Short Description
The ECC key generation routine, which also produces the ephemeral key for each ECDSA signature, is not constant-time and allows a local attacker with access to precise timing measurements to recover the private ECDSA key.
Detailed Description
Obtaining precise timings of the comparison performed in the key generation routine lets a local attacker learn leading bits of the ephemeral key used during ECDSA signature generation and, from those bits, recover the private key.
Vulnerability Severity
| CVSS v3 Base Score | 4.7 |
|---|---|
| CVSS v3 Temporal Score | 4.7 |
| CVSS v3 Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVSS v3 Link | https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Impact / Implications
Exposure of the private ECC key. An attacker holding the private key can forge ECDSA signatures on behalf of the affected device.
Corrective Action or Resolution
Affected users should update to Hilscher mbedTLS version V1.2.0.0.
Workaround
There is no workaround.
Additional Information
Note that Hilscher mbedTLS versions prior to V1.2.0.0 on the netX51/52, netX100/500 and netX4000 platforms are affected by this vulnerability. Hilscher mbedTLS V1.2.0.0 and prior for the netX90 platform is not affected, because signature generation there is performed directly by the cryptographic accelerator, which applies scalar blinding and reduces the blinded scalar at the end.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222
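The following is an added illustrative example, not code from Hilscher, Mbed TLS or this advisory. It is a toy ECDSA over the public secp256k1 domain parameters and ties together the two technical points above: the rejection-sampling key generation whose candidate-versus-order comparison is the timing side channel named in the detailed description, the blinded modular inversion with the blinded scalar reduced modulo n (the reduction the netX90 note refers to), and the algebra by which an attacker who learns the ephemeral key k of a single signature recovers the long-term private key d. The private key, hash value and blinding factor are constructed demo values; the curve arithmetic is plain double-and-add with no side-channel hardening and exists only to make the signatures real.

```python
# Added example (not Hilscher's or Mbed TLS's code): toy ECDSA over secp256k1.
# Curve constants are the public secp256k1 domain parameters; DEMO_* values
# below are constructed for illustration and are not real keys.
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not side-channel hardened)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def gen_scalar(rng=secrets.randbits):
    """Rejection sampling for a private or ephemeral key: draw N.bit_length()
    bits, retry until 1 <= k < N. The `k < N` comparison is where a
    variable-time big-number compare leaks: how many limbs are examined before
    the result is known depends on the leading bits of the candidate k."""
    while True:
        k = rng(N.bit_length())
        if 1 <= k < N:
            return k


def blinded_inv_mod_n(k, t):
    """k^-1 mod N computed as (k*t)^-1 * t, so the non-constant-time inversion
    only ever sees the blinded value k*t. The `% N` is the reduction of the
    blinded scalar; without it the inversion runs on an unreduced product."""
    kt = (k * t) % N
    return pow(kt, -1, N) * t % N


def sign(d, z, k, t):
    """ECDSA signature (r, s) of hash value z with private key d, ephemeral
    key k and blinding factor t."""
    r = ec_mul(k, G)[0] % N
    s = blinded_inv_mod_n(k, t) * (z + r * d) % N
    assert r != 0 and s != 0
    return r, s


def verify(Q, z, sig):
    """Standard ECDSA verification against public key Q = d*G."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r


def recover_private_key(sig, z, k):
    """From s = k^-1 (z + r*d) mod N it follows that d = r^-1 (s*k - z) mod N.
    The attacker needs only the public signature, the hashed message and k."""
    r, s = sig
    return (s * k - z) * pow(r, -1, N) % N


# Constructed demo values (not real keys).
DEMO_D = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
DEMO_Z = 0x0F0E0D0C0B0A09080706050403020100FFEEDDCCBBAA99887766554433221100
DEMO_K = 0x2B7E151628AED2A6ABF7158809CF4F3C2B7E151628AED2A6ABF7158809CF4F3C
DEMO_T = 0x3C4FCF098815F7ABA6D2AE2816157E2B3C4FCF098815F7ABA6D2AE2816157E2B


def demo():
    """Sign with the demo key, verify, then recover d from the leaked k."""
    Q = ec_mul(DEMO_D, G)
    sig = sign(DEMO_D, DEMO_Z, DEMO_K, DEMO_T)
    ok = verify(Q, DEMO_Z, sig)
    recovered = recover_private_key(sig, DEMO_Z, DEMO_K)
    return ok, recovered == DEMO_D


if __name__ == "__main__":
    print(demo())
```

In the real attack the timing of the comparison reveals only leading bits of k per signature, not all of k; turning many such partial leaks into d is a lattice (hidden number) problem and is outside this example. The `recover_private_key` formula shows why any leak of the ephemeral key is fatal: the private key falls out of one signature by modular arithmetic alone, with no curve operations required.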
Disclaimer
The security advisory and information contained herein are provided on an "as is" basis and do not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. The information in this advisory should not be construed as a commitment by Hilscher. In no event shall Hilscher be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, nor shall Hilscher be liable for incidental or consequential damages arising from use of any software or hardware described in this advisory.
Hilscher provides no warranty, express or implied, for the information contained in this document, and assumes no responsibility for the information contained in this document or for any errors that may appear in this document. Your use of the advisory and information contained herein, or materials linked from the advisory, is at your own risk. Information in this advisory and any related communications is based on our knowledge at the time of publication and is subject to change without notice. Hilscher reserves the right to change or update advisories at any time.