Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[hw/csrng] Integrity protection for KV in CSRNG #10738

Open
moidx opened this issue Feb 10, 2022 · 10 comments
Open

[hw/csrng] Integrity protection for KV in CSRNG #10738

moidx opened this issue Feb 10, 2022 · 10 comments
Assignees
@vogelpi @johannheyszl
Labels
Component:RTL Component:Security Earlgrey-PROD Triaged Temporary label to triage issues into Earlgrey-PROD Milestones IP:csrng Priority:P2 Priority: medium Subsystem:Entropy entropy_src, csrng, or edn related issues Type:FutureRelease Not relevant to currently planned releases/milestones
Milestone
Backlog

Comments

@moidx
Copy link
Contributor

moidx commented Feb 10, 2022

This issue is to investigate integrity protection requirements for the DRBG internal state.
@moidx moidx mentioned this issue Feb 10, 2022
Closed
@tjaychen
Copy link

i think given that all the entropy blocks have passed D2S, this is probably relegated to future release.
Let me know if anyone objects.

@tjaychen tjaychen added the Type:FutureRelease Not relevant to currently planned releases/milestones label May 11, 2022
@cdgori
Copy link

cdgori commented Jun 29, 2022

I'm closing out some emails that have been languishing in my inbox...

I think this is fine to move to future release. My only caveat would be if we plan to have any pre-tapeout FIPS review of the CSRNG, that feedback could force this forward.

@moidx do you remember what specifically triggered you to file this issue? (Or just a general concern?)

@johngt
Copy link

johngt commented Nov 15, 2022

@moidx / @cdgori / @tjaychen - slightly older issue here, but just checking if this should be in M2?
I'm tagging as M3 but if this was something that needed to go in please change it back.

@johngt johngt added this to the Project: M3 milestone Nov 15, 2022
@moidx
Copy link
Contributor Author

moidx commented Nov 15, 2022

Moving to backlog as this was set as future release.

@moidx moidx modified the milestones: Project: M3, Backlog Nov 15, 2022
@andreaskurth
Copy link
Contributor

Triaged for csrng, keeping Type:FutureRelease Not relevant to currently planned releases/milestones .

@msfschaffner msfschaffner added the Earlgrey-PROD Candidate Temporary label to triage issues into Earlgrey-PROD Milestones label Oct 6, 2023
@msfschaffner msfschaffner added the Hotlist:Security Security Opinion Needed label Nov 3, 2023
@msfschaffner msfschaffner modified the milestones: Backlog, Earlgrey-PROD.M3 Nov 3, 2023
@msfschaffner
Copy link
Contributor

To be assessed for pentesting testplan.

@johannheyszl johannheyszl removed the Type:FutureRelease Not relevant to currently planned releases/milestones label Dec 12, 2023
@msfschaffner msfschaffner added the Subsystem:Entropy entropy_src, csrng, or edn related issues label Dec 21, 2023
@vogelpi
Copy link
Contributor

vogelpi commented Dec 21, 2023

TODO:

@vogelpi
Copy link
Contributor

vogelpi commented Jan 11, 2024

I've studied the D2S review notes. The option of adding integrity protection for key and v inside was raised in the D2S meeting and we wanted to check with labs if this is advisable. It was mentioned in the discussion that loosing a couple of bits in the input (i.e. before AES) can be argued to be not that bad. It was also mentioned that adding integrity protection could be exploited itself, e.g., via SCA.

@johannheyszl and I talked about this and we believe that if integrity protection was added key and v inside CSRNG, it should also be added to the ENTROPY_SRC output and especially the EDNs. This is assuming it wouldn't introduce any other vulnerabilities. The later down the pipeline the entropy is manipulated, the worse the problem becomes.

Adding comprehensive integrity protection to the entropy complex is a huge task. We believe this should only be done if we have clear evidence that it's actually required and it doesn't introduce other vulnerabilities. I am thus labeling this as FutureRelease and removing PROD labels.

@vogelpi vogelpi removed the Earlgrey-PROD Candidate Temporary label to triage issues into Earlgrey-PROD Milestones label Jan 11, 2024
@msfschaffner
Copy link
Contributor

Thanks @vogelpi, this sounds reasonable.

@msfschaffner msfschaffner added the Earlgrey-PROD Triaged Temporary label to triage issues into Earlgrey-PROD Milestones label Jan 11, 2024
@johannheyszl
Copy link
Contributor

For completeness, the pentesting plan contains a test geared towards this issue.

@johannheyszl johannheyszl added Type:FutureRelease Not relevant to currently planned releases/milestones and removed Hotlist:Security Security Opinion Needed triaged-security labels Jan 12, 2024
This was referenced Mar 29, 2024
Closed
Closed
Closed
Closed
@vogelpi vogelpi mentioned this issue Jun 7, 2024
Closed
@vogelpi vogelpi mentioned this issue Jun 25, 2024
Closed
@vogelpi vogelpi mentioned this issue Jul 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vogelpi vogelpi

@johannheyszl johannheyszl

Labels
Component:RTL Component:Security Earlgrey-PROD Triaged Temporary label to triage issues into Earlgrey-PROD Milestones IP:csrng Priority:P2 Priority: medium Subsystem:Entropy entropy_src, csrng, or edn related issues Type:FutureRelease Not relevant to currently planned releases/milestones
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
8 participants
@johngt @tjaychen @andreaskurth @moidx @vogelpi @cdgori @msfschaffner @johannheyszl