
Cryptographic API Misuse Vulnerability: Do not use insecure algorithm (textbook or padding PKCS 1v1.5) for RSA #38

Open
gxx777 opened this issue Nov 7, 2023 · 0 comments


gxx777 commented Nov 7, 2023

Description:

In the upydev repository, specifically within the keygen.py script, the RSA algorithm is implemented with PKCS 1v1.5 padding, which is known to be insecure and vulnerable to the [Bleichenbacher](https://link.springer.com/content/pdf/10.1007/bfb0055716.pdf) attack, a chosen-ciphertext attack that exploits weaknesses in the RSA PKCS1v1.5 padding scheme. The use of this padding scheme can lead to security issues where an attacker may exploit the vulnerability to decipher encrypted messages or forge signatures.

Affected Version

upydev 0.4.3

Location:

https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L919
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1176
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1253
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1311
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1125

Expected Behavior:
The cryptographic module should utilize a secure padding scheme for RSA such as OAEP (Optimal Asymmetric Encryption Padding) which is currently recommended as a safer alternative to PKCS 1v1.5.

Actual Behavior:
The current implementation of the RSA encryption and signature verification in keygen.py uses PKCS 1v1.5 padding, which is outdated and has known vulnerabilities that compromise the security of cryptographic operations.

Reference:

CWE-780: Use of RSA Algorithm without OAEP

Recommendations:

It is recommended to use OAEP (Optimal Asymmetric Encryption Padding) as the encryption scheme and PSS (Probabilistic Signature Scheme) as the signature scheme, as they offer better security.

1. Refactor the RSA implementation to use OAEP padding for encryption and PSS padding for signatures, which are both provided by the RSA module in standard libraries like PyCryptodome and cryptography.io.
2. Conduct a thorough audit of the cryptographic operations throughout the application to ensure that secure practices are being followed.

It's crucial for the security of upydev users that this issue is addressed promptly, as cryptographic weaknesses can have severe implications for the privacy and integrity of communications facilitated by this tool.

```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# public_key is an RSAPublicKey; here it is taken from a freshly generated key
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()

message = b"encrypted data"
# OAEP with MGF1/SHA-256 instead of PKCS1v15 (CWE-780)
ciphertext = public_key.encrypt(
    message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)
```

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#encryption

Please let me know if you require any further information or assistance in addressing this issue.
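As an added example for recommendation step 2 (not code from this issue or from upydev), a small audit helper that parses Python source with the standard library `ast` module and reports every RSA call that still uses PKCS#1 v1.5 padding, whether cryptography.io's `padding.PKCS1v15()` or PyCryptodome's `PKCS1_v1_5.new()`. The scanned source is a constructed sample; the function names in it are hypothetical.

```python
import ast

# Padding constructors that mark RSA without OAEP/PSS (CWE-780):
# cryptography.io: padding.PKCS1v15(); PyCryptodome: PKCS1_v1_5.new(key)
LEGACY_PADDING_NAMES = {"PKCS1v15", "PKCS1_v1_5"}

def _dotted_name(node):
    """'a.b.c' for a Name/Attribute chain, None if it starts from a call."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def find_legacy_rsa_padding(source):
    """Return [(line, enclosing_op, callee)] per legacy padding call; enclosing_op
    is the method it is passed to or chained into (encrypt/sign/...), else None."""
    findings = []
    def visit(node, enclosing_op):
        if isinstance(node, ast.Call):
            callee = _dotted_name(node.func) or ""
            if set(callee.split(".")) & LEGACY_PADDING_NAMES:
                findings.append((node.lineno, enclosing_op, callee))
            f = node.func  # keep the attr for chains like X.new(k).encrypt(m)
            enclosing_op = f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)
        for child in ast.iter_child_nodes(node):
            visit(child, enclosing_op)
    visit(ast.parse(source), None)
    return findings

# Constructed sample: three legacy call sites and one OAEP call that must not be flagged.
SAMPLE_SOURCE = '''
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from Crypto.Cipher import PKCS1_v1_5
def legacy_encrypt(public_key, message):
    return public_key.encrypt(message, padding.PKCS1v15())
def legacy_sign(private_key, digest):
    return private_key.sign(digest, padding.PKCS1v15(), hashes.SHA256())
def legacy_pycryptodome(key, message):
    return PKCS1_v1_5.new(key).encrypt(message)
def safe_encrypt(public_key, message):
    return public_key.encrypt(message, padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(), label=None))
'''
```

Running `find_legacy_rsa_padding(SAMPLE_SOURCE)` yields the three legacy call sites with their line numbers and the operation they feed (encrypt, sign, encrypt); the OAEP call is not reported.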
