CWE-1431
Driving Intermediate Cryptographic State/Results to Hardware Module Outputs
AI Translation Available
The product uses a hardware module implementing a cryptographic
algorithm that writes sensitive information about the intermediate
state or results of its cryptographic operations via one of its output
wires (typically the output port containing the final result).
Status
incomplete
Abstraction
base
Affected Platforms
System on Chip
Technical Details
AI Translation
Common Consequences
confidentiality
Impacts
read memory
read application data
Detection Methods
automated static analysis - source code
simulation / emulation
formal verification
manual analysis
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
•
Designers/developers should add or modify existing control flow logic along any data flow paths that connect "sources" (signals with intermediate cryptographic state/results) with "sinks" (hardware module outputs and other signals outside of trusted cryptographic zone). The control flow logic should only allow cryptographic results to be driven to "sinks" when appropriate conditions are satisfied (typically when the final result for a cryptographic operation has been generated). When the appropriate conditions are not satisfied (i.e., before or during a cryptographic operation), the control flow logic should drive a safe default value to "sinks".