Félix Charette, Senior Application Security Engineer
Félix is a Senior Application Security Engineer at Okta Inc. With an interest in cryptography, he has been reviewing the implementation of cryptographic functions in his free time.
Talk: Exploiting the not so misuse-resistant AES-GCM API of OpenSSL
Talks will be streamed on YouTube and Twitch for free.
AES-GCM is robust when used properly, but in practice some APIs make it easy to introduce vulnerabilities that make it possible to alter the content of ciphertexts. One of these APIs lacking misuse resistance is implemented by OpenSSL, a library providing cryptography functions to products such as browsers and even to some programming languages (e.g., Ruby and PHP).
In this talk, we go through AES-GCM, why it's robust and what is needed to affect its integrity property. We'll go briefly over specifications only to introduce the required concepts. Then, we'll continue with a few examples where misuse resistance was never considered when implementing cryptography APIs. We'll see how to detect these misuses and how to exploit them in real-life scenarios. The abuse cases vary depending on how AES-GCM is used, but we'll see what techniques can be used to leverage this vulnerability.
Theory is one thing, but implementation choices can be questionable and lead to real issues, which gives rise to the popular saying: "It works on my paper..."