Base weakness

Incomplete

CWE-1431: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs

The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of its cryptographic operations via one of its output wires (typically the output port containing the final result).

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-1431 (Driving Intermediate Cryptographic State/Results to Hardware Module Outputs) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

How to detect it

Automated Static Analysis - Source Code

Automated static analysis can find some instances of this weakness by analyzing source register-transfer level (RTL) code without having to simulate it or analyze it with a formal verification engine. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (signals with intermediate cryptographic state/results) with "sinks" (hardware module outputs and other signals outside of trusted cryptographic zone) without any control flow.

Effectiveness: High

Simulation / Emulation

Simulation/emulation based analysis can find some instances of this weakness by simulating source register-transfer level (RTL) code along with a set of assertions that incorporate the simulated values of relevant design signals. Typically, these assertions will capture desired or undesired behavior. Analysis can be improved by using simulation-based information flow tracking (IFT) to more precisely detect unexpected results.

Effectiveness: High

Formal Verification

Formal verification can find some instances of this weakness by exhaustively analyzing whether a given assertion holds true for a given hardware design specified in register-transfer level (RTL) code. Typically, these assertions will capture desired or undesired behavior. For this weakness, an assertion should check for undesired behavior in which one output is a signal that captures when a cryptographic algorithm has completely finished; another output is a signal with intermediate cryptographic state/results; and there is an assignment to a hardware module output or other signal outside of a trusted cryptographic zone.

Alternatively, when using a formal IFT verification, the same undesired behavior can be detected by checking if computation results can ever leak to an output when the cryptographic result is not copmlete.

Effectiveness: High

Manual Analysis

Manual analysis can find some instances of this weakness by manually reviewing relevant lines of source register-transfer level (RTL) code to detect potentially-vulnerable patterns. Typically, the reviewer will trace the sequence of assignments that connect "sources" (signals with intermediate cryptographic state/results) with "sinks" (hardware module outputs and other signals outside of trusted cryptographic zone). If this sequence of assignments is missing adequate control flow, then the weakness is likely to exist.

Effectiveness: Opportunistic

CWE-1431: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis - Source Code

Simulation / Emulation

Formal Verification

Manual Analysis

Code examples

Frequently asked questions

What is CWE-1431?

How do you prevent CWE-1431?

How is CWE-1431 detected?

What are the consequences of CWE-1431?

References

Stay ahead of CWE-1431

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis - Source Code

Simulation / Emulation

Formal Verification

Manual Analysis

Code examples

Related weaknesses

Parent

Peer

Frequently asked questions

What is CWE-1431?

How do you prevent CWE-1431?

How is CWE-1431 detected?

What are the consequences of CWE-1431?

References

Stay ahead of CWE-1431