When implementing cryptographic protocols, ensuring input validation is paramount. Neglecting this can lead to severe vulnerabilities, including information leakage, state corruption, and impersonation attacks.

In a recent blog post, Jan delved into how we address input validation in OpenMLS, an open-source Rust implementation of the Messaging Layer Security (MLS) protocol.

https://blog.openmls.tech/posts/2024-09-30-taking-stock-of-validation-checks/

Taking Stock of Validation Checks

When implementing cryptographic protocols, probably the most important thing is to not forget validating all inputs. Failing to do so can lead to inadvertent leakage of private information, state corruption, impersonation attacks… all kinds of vulnerabilities. To give an example, you might remember the “goto fail” vulnerability, a bug in the TLS implementation used in iOS. It affected the function that verifies the signature sent along with the ServerKeyExchange message, the signature that ties the server identity to the transcript and ephemeral key material. Due to a hard-to-spot slip-up, the function returned success early and never really checked the signature, which would allow an attacker to man-in-the-middle the connection. While in this case they didn’t just forget to do the check, it does demonstrate why these checks are important.
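To make the "returned success early" failure mode concrete, here is an added example that is not part of the original post and not the OpenMLS or Apple code: a stripped-down model of the control-flow shape behind "goto fail" (a duplicated, now unconditional `goto` that skips the signature check while the error variable still holds "success"), placed beside a fail-closed version of the same function. The toy hash, the toy signature check and all names (`toy_hash`, `toy_verify`, `verify_vulnerable`, `verify_fixed`) are constructed for this illustration and are not cryptographic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed error codes for the example. */
#define ERR_NONE 0
#define ERR_HASH 1
#define ERR_SIG  2

/* A toy 4-byte "signature": in this model a valid signature is simply the
 * transcript hash itself, so the example runs offline without a crypto library. */
typedef struct { uint8_t v[4]; } toy_sig_t;

/* Toy transcript hash (XOR fold). Stands in for a real hash; never use this
 * as one. */
static int toy_hash(const uint8_t *msg, size_t len, toy_sig_t *out) {
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < len; i++) out->v[i % 4] ^= msg[i];
    return ERR_NONE;
}

/* Toy "signature verification": the signature must equal the hash. */
static int toy_verify(const toy_sig_t *expected, const toy_sig_t *sig) {
    return memcmp(expected->v, sig->v, sizeof expected->v) == 0 ? ERR_NONE : ERR_SIG;
}

/* Vulnerable shape. The second `goto fail;` is not inside the `if` (no braces),
 * so it always executes. At that point err is still ERR_NONE, toy_verify is
 * never reached, and the function reports success for any signature. */
int verify_vulnerable(const uint8_t *msg, size_t len, const toy_sig_t *sig) {
    toy_sig_t h;
    int err;
    if ((err = toy_hash(msg, len, &h)) != ERR_NONE)
        goto fail;
        goto fail;   /* duplicated line: unconditional jump with err == ERR_NONE */
    if ((err = toy_verify(&h, sig)) != ERR_NONE)
        goto fail;
fail:
    return err;
}

/* Fail-closed shape. Braces make every branch explicit, and success is only
 * reported if the `ok` flag was set after the last check actually ran. Even
 * if a jump skipped a check, the function could not return ERR_NONE. */
int verify_fixed(const uint8_t *msg, size_t len, const toy_sig_t *sig) {
    toy_sig_t h;
    int ok = 0;            /* default: not verified */
    int err = ERR_SIG;     /* default: treat as a bad signature */
    if ((err = toy_hash(msg, len, &h)) != ERR_NONE) {
        goto done;
    }
    if ((err = toy_verify(&h, sig)) != ERR_NONE) {
        goto done;
    }
    ok = 1;                /* reached only after toy_verify succeeded */
done:
    if (!ok && err == ERR_NONE) err = ERR_SIG;   /* never leak "success" by accident */
    return ok ? ERR_NONE : err;
}

int main(void) {
    /* Constructed sample transcript and signatures. */
    const uint8_t msg[] = {1, 2, 3, 4, 5};
    toy_sig_t good, forged;
    toy_hash(msg, sizeof msg, &good);       /* the "real" signature */
    forged = good;
    forged.v[0] ^= 0xFF;                    /* a signature that must be rejected */

    printf("vulnerable, forged sig: %d (0 = accepted!)\n",
           verify_vulnerable(msg, sizeof msg, &forged));
    printf("fixed,      forged sig: %d (2 = rejected)\n",
           verify_fixed(msg, sizeof msg, &forged));
    printf("fixed,      good sig:   %d\n",
           verify_fixed(msg, sizeof msg, &good));
    return 0;
}
```

Two things worth noting from a reviewer's side: GCC's `-Wmisleading-indentation` (enabled by `-Wall` in recent versions) flags exactly the indented-but-unconditional second `goto`, and a unit test that feeds a deliberately bad signature, as the `main` above does, is the cheapest regression check for "verification returns success without verifying".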