CVE-2024-54137 - A Correctness Error in the liboqs Library Affects the HQC Key Encapsulation Mechanism, Fixed in Version .12.

liboqs is a popular C-language cryptographic library designed to support post-quantum cryptography algorithms. It facilitates the deployment of these advanced algorithms to provide enhanced security, especially against quantum computing attacks. Unfortunately, a correctness error, labeled as CVE-2024-54137, has been identified in the reference implementation of the HQC key encapsulation mechanism. This error arises due to an issue with indexing, which causes part of the secret key to be treated as non-secret data. The consequences can be severe, including incorrect shared secret values when the decapsulation function is called with an incorrectly formed ciphertext. Fortunately, this vulnerability has been successfully addressed in the liboqs .12. release.

Code Snippet

The problematic code can be identified within the decapsulation function in the reference implementation of the HQC key encapsulation mechanism:

// Original code
uint8_t secret_key_error = ;
for (size_t i = ; i < SHAKE256_RATE; ++i)
{
  secret_key_error |= (shared_secret[i] ^ secret_key[i]);
}

In this code snippet, the decryption function mistakenly treats part of the secret key as non-secret data. As a result, when calculating shared secrets using the malfunctioning code, the secret_key_error index could show discrepancies.

The corrected version of the code appropriately treats the entire secret key as secret information, ensuring the shared secret values are generated correctly:

// Fixed code in liboqs .12.
uint8_t secret_key_error = ;
for (size_t i = ; i < KEY_SIZE; ++i)
{
  secret_key_error |= (shared_secret[i] ^ secret_key[i]);
}

As seen in the fixed code, the index range has been updated to encompass the full secret key, mitigating the vulnerability.

Exploit Details

An attacker could exploit this vulnerability by crafting malformed ciphertexts and sending them to the target system. When the vulnerable decapsulation function processes these malformed ciphertexts, it generates an incorrect shared secret value. The attacker can potentially leverage this incorrect value along with additional cryptographic weaknesses to compromise the security of encrypted communications.

Original References

The vulnerability was first reported on the liboqs GitHub repository, where a detailed analysis and the corresponding patch were discussed. The involved parties successfully resolved the issue and integrated the fix into the latest release of the library, version .12..

- GitHub issue describing the vulnerability: https://github.com/open-quantum-safe/liboqs/issues/852
- The liboqs .12. release notes confirming the fix: https://github.com/open-quantum-safe/liboqs/releases/tag/.12.

Conclusion

CVE-2024-54137 represents a security vulnerability in the liboqs library stemming from an indexing error in the reference implementation of the HQC key encapsulation mechanism. This error leads to the generation of an incorrect shared secret when the decapsulation function processes a malformed ciphertext. It is essential for users and developers relying on the liboqs library to update to version .12. or later to mitigate this vulnerability and maintain the integrity of their cryptographic operations.

Timeline

Published on: 12/06/2024 16:15:22 UTC