NetBSD-Bugs archive
kern/57427: mvxpsec(4) is vulnerable to cache-timing attacks on table-based AES key schedule
>Number: 57427
>Category: kern
>Synopsis: mvxpsec(4) is vulnerable to cache-timing attacks on table-based AES key schedule
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 22 14:20:01 +0000 2023
>Originator: Taylor R Campbell
>Release: current
>Organization:
The NetBSD Foundation
>Environment:
>Description:
The mv_aes_enckey and mv_aes_deckey functions compute the AES key schedule using a table-driven S-box computation, which is vulnerable to cache-timing side channel attacks.
These functions should be changed to call br_aes_ct_keysched_stdenc and br_aes_ct_keysched_stddec instead.
This requires testing to verify that mv_aes_enckey/deckey are actually computing the standard AES key schedule; if they actually do a variant key schedule, well, someone has to write some bitsliced or vector-permuted code or something to compute the variant.
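The direction the report recommends, as an added example that is neither the mvxpsec driver code nor BearSSL's br_aes_ct routines (those are bitsliced): a standard FIPS-197 AES-128 key expansion whose S-box is computed arithmetically in constant time rather than read from a table, so key bytes never select a memory address. Function names are assumptions.

```c
#include <stdint.h>

/* Constant-time GF(2^8) multiply (AES polynomial x^8+x^4+x^3+x+1):
 * no table lookups, no branches on secret data, only masks. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
	uint8_t r = 0;
	for (int i = 0; i < 8; i++) {
		r ^= a & (uint8_t)-((b >> i) & 1);               /* add a if bit i of b is set */
		a = (uint8_t)((a << 1) ^ (0x1b & (uint8_t)-(a >> 7))); /* a *= x mod poly */
	}
	return r;
}

/* S-box computed arithmetically: inverse x^254 by square-and-multiply,
 * then the fixed affine map. This replaces sbox[x], the lookup whose
 * address depends on the key byte and is what a cache-timing attack observes. */
static uint8_t ct_sbox(uint8_t x)
{
	uint8_t p = x, inv = 1;
	for (int i = 0; i < 7; i++) {   /* inv = x^(2+4+...+128) = x^254 */
		p = gf_mul(p, p);
		inv = gf_mul(inv, p);
	}
	uint8_t s = inv;
	for (int i = 1; i <= 4; i++)    /* s = inv ^ rotl(inv,1..4) */
		s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
	return s ^ 0x63;
}

static uint32_t ct_subword(uint32_t w)
{
	return (uint32_t)ct_sbox((uint8_t)(w >> 24)) << 24 | (uint32_t)ct_sbox((uint8_t)(w >> 16)) << 16 |
	    (uint32_t)ct_sbox((uint8_t)(w >> 8)) << 8 | ct_sbox((uint8_t)w);
}

/* Standard (FIPS-197) AES-128 key expansion into 44 big-endian words.
 * The only branch is on the loop counter, never on key material. */
void aes128_keysched_ct(const uint8_t key[16], uint32_t w[44])
{
	uint8_t rcon = 0x01;
	for (int i = 0; i < 4; i++)
		w[i] = (uint32_t)key[4*i] << 24 | (uint32_t)key[4*i+1] << 16 |
		    (uint32_t)key[4*i+2] << 8 | key[4*i+3];
	for (int i = 4; i < 44; i++) {
		uint32_t t = w[i - 1];
		if (i % 4 == 0) {        /* RotWord, SubWord, Rcon */
			t = ct_subword(t << 8 | t >> 24) ^ (uint32_t)rcon << 24;
			rcon = (uint8_t)((rcon << 1) ^ (0x1b & (uint8_t)-(rcon >> 7)));
		}
		w[i] = w[i - 4] ^ t;
	}
}
```

Comparing the output against the FIPS-197 Appendix A.1 vector (key 2b7e151628aed2a6abf7158809cf4f3c gives w[4] = a0fafe17 and w[43] = b6630ca6) is the kind of check the report asks for before a driver's key-schedule routine is swapped out.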
>How-To-Repeat:
code inspection
>Fix:
Yes, please!