CLN-003 - Rsa crate dependency timing side channel

[morganava]

Description:

The rsa crate is subject to a timing side channel attack.

Technical description:

The rsa crate is susceptible to a Marvin attack (https://www.redhat.com/en/blog/marvin-attack) tracked here https://rustsec.org/advisories/RUSTSEC-2023-0071.html, which takes advantage of non-constant time operations in RSAES-PKCS1-v1_5. The Gosling crates do not directly use the vulnerable methods.

Impact:

The jitter of the Tor network makes such a vulnerability even harder to exploit, but if it were to be exploited then confidentiality could be compromised.

Recommendation:

• There is currently no patch available. Keep abreast of new developments and update the dependency once a fix is available.

[morganava]

Furthermore, this upstream crate is only enabled when the ArtiClintTorClient TorProvider is enabled (which bings in the arti-client crate and all its dependencies).

We will automatically get a fix for this when the Tor Project updates their arti-client's dependencies after the rsa crate pushes a fix for their bug.

[morganava]

This issue is being tracked ultimately upstream here:

• modpow implementation is not constant-time RustCrypto/RSA#19