- Reported
-
- Issued
-
- Package
-
libcrux-ed25519
(crates.io)
- Type
-
Vulnerability
- References
-
- CVSS Score
- 8.2
HIGH
- CVSS Details
-
- Attack Complexity
- Low
- Attack Requirements
- Present
- Attack Vector
- Network
- Privileges Required
- None
- Availability Impact to the Subsequent System
- None
- Confidentiality Impact to the Subsequent System
- None
- Integrity Impact to the Subsequent System
- None
- User Interaction
- None
- Availability Impact to the Vulnerable System
- None
- Confidentiality Impact to the Vulnerable System
- None
- Integrity Impact to the Vulnerable System
- High
- CVSS Vector
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
- Patched
-
- Affected Functions
- Version
libcrux_ed25519::generate_key_pair-
Description
The libcrux-ed25519 key generation samples Ed25519 secret keys from a
provided CSPRNG in a loop for up to 100 attempts until a non-zero key
is found. If a non-zero key could not be sampled within 100 attempts
the key generation function would silently continue with an all-zero buffer as
the secret key.
Impact
This bug only occurs in the event of a catastrophic failure of the
CSPRNG, but would allow anyone to forge signatures under the resulting
static signing key.
Mitigation
Instead of silently continuing with an all-zero signing key, starting
from version 0.0.7 key generation will error in the case of 100
failed attempts at sampling a valid key.
Advisory available under CC0-1.0
license.