Headline
CVE-2020-10941: Cache attack against RSA key import in SGX — Mbed TLS documentation
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
Title
Cache attack against RSA key import in SGX
Date
20th February 2020 (updated on 21st February 2020)
Affects
All versions of Mbed TLS and Mbed Crypto
Impact
The RSA private key is recoverable through side channels.
Severity
Medium
Credit
Alejandro Cabrera Aldaya and Billy Brumley
Vulnerability
If Mbed TLS is running in an SGX enclave and the adversary controls the host operating system, they can mount a side-channel attack that recovers the RSA private key while it is being imported. Found by Alejandro Cabrera Aldaya and Billy Brumley and reported by Jack Lloyd.
The attack only requires fine-grained measurements of cache usage during the import, so it may also apply where Mbed TLS runs in the TrustZone secure world and the attacker controls the normal world, or where Mbed TLS is part of a hypervisor and the adversary has full control of a guest OS.
Impact
An adversary who can take fine-grained measurements of cache usage while an RSA private key is being imported is able to recover that private key.
Resolution
Affected users should upgrade to Mbed TLS 2.21.0, 2.16.5 or 2.7.14 or later, or to Mbed Crypto 3.1.0 or later.
Warning: even in the fixed versions, it is only safe to import complete RSA private keys. mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile() only accept complete private keys, so using them is safe. Lower-level APIs such as mbedtls_rsa_import(), or writing directly to the members of the mbedtls_rsa_context structure, are only safe if every required parameter is supplied, since anything less leaves the library to compute the missing values from the ones given. With MBEDTLS_RSA_NO_CRT undefined (the default) that means every component prescribed by appendix A.1.2 of PKCS#1 v2.2, i.e. n, e, d, p, q, dP, dQ and qInv; with MBEDTLS_RSA_NO_CRT enabled it means n, e, d, p and q.
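The completeness rule above is easy to get wrong when key material arrives as loose components rather than as a DER file, because formats such as JWK legitimately allow a private key to carry only n, e and d. The following is an added example, not Mbed TLS code: a pre-import check that applies the advisory's two component sets and verifies the PKCS#1 relations between whatever components are present, so that a caller refuses to hand a partial key to mbedtls_rsa_import(). The toy key (p = 61, q = 53, e = 17) is constructed here and far too small for real use; the function and dictionary names are this example's own.

```python
"""Pre-import completeness check for RSA private key components.

Added example, not part of Mbed TLS. Before passing components to a
low-level import such as mbedtls_rsa_import(), confirm the set is complete
per the advisory so the library never has to derive missing values itself.
"""
from math import gcd

# Components of an RSAPrivateKey per PKCS#1 v2.2 appendix A.1.2
# (the optional multi-prime otherPrimeInfos is omitted).
CRT_COMPONENTS = ("n", "e", "d", "p", "q", "dP", "dQ", "qInv")
# What a build with MBEDTLS_RSA_NO_CRT enabled needs, per the advisory.
NO_CRT_COMPONENTS = ("n", "e", "d", "p", "q")


def missing_components(key, no_crt=False):
    """Names of required components that are absent from the mapping."""
    required = NO_CRT_COMPONENTS if no_crt else CRT_COMPONENTS
    return [name for name in required if key.get(name) is None]


def consistency_problems(key):
    """Check the PKCS#1 relations between the components that ARE present.
    Each relation is tested only when all of its operands exist, so the
    function is also usable on partial keys."""
    k = dict(key)
    problems = []

    def have(*names):
        return all(k.get(x) is not None for x in names)

    if have("p", "q", "n") and k["p"] * k["q"] != k["n"]:
        problems.append("n != p*q")
    if have("p", "q", "e", "d"):
        # e*d == 1 (mod p-1) and (mod q-1), i.e. mod lcm(p-1, q-1)
        ed = k["e"] * k["d"]
        if ed % (k["p"] - 1) != 1 or ed % (k["q"] - 1) != 1:
            problems.append("e*d != 1 mod (p-1) or mod (q-1)")
    if have("p", "d", "dP") and k["dP"] != k["d"] % (k["p"] - 1):
        problems.append("dP != d mod (p-1)")
    if have("q", "d", "dQ") and k["dQ"] != k["d"] % (k["q"] - 1):
        problems.append("dQ != d mod (q-1)")
    if have("p", "q", "qInv") and (k["q"] * k["qInv"]) % k["p"] != 1:
        problems.append("qInv != q^-1 mod p")
    return problems


def safe_to_import(key, no_crt=False):
    """Return (ok, reasons). ok is True only when nothing is missing and
    every relation holds, i.e. the low-level import has nothing to derive."""
    reasons = ["missing " + m for m in missing_components(key, no_crt)]
    reasons += consistency_problems(key)
    return (not reasons, reasons)


def crt_components_from_primes(p, q, e):
    """Build the full component set from two primes (toy helper for the demo;
    for real keys take every component from the key generator rather than
    recomputing them in untrusted code)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}


if __name__ == "__main__":
    # Constructed toy key: p=61, q=53, e=17 (textbook values, not secure).
    full = crt_components_from_primes(61, 53, 17)
    print("complete key:", safe_to_import(full))
    # An export carrying only n, e, d: valid as a JWK, but passing it to
    # mbedtls_rsa_import() would make the library derive p and q itself.
    partial = {"n": full["n"], "e": full["e"], "d": full["d"]}
    print("partial key, default build:", safe_to_import(partial))
    print("partial key, MBEDTLS_RSA_NO_CRT:", safe_to_import(partial, no_crt=True))
    # A present but wrong coefficient is caught as well.
    corrupted = dict(full, qInv=1)
    print("corrupted qInv:", safe_to_import(corrupted))
```

Treat a False result as a hard stop: either obtain the missing components from the key's origin or go through mbedtls_pk_parse_key() with a complete encoded key, rather than letting the library fill in p and q.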
Workaround
There are no known workarounds.