-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DeviceKey: [Security Fix] Generated ROT-key is still used when TRNG fails #9278
Conversation
@boomer41, thank you for your changes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for that catch.
@yossi2le can you review this one as well? |
@boomer41 can you please explain why we need the security notice after this fix will be merged? Do you think there is a real reason to suspect that TRNG may fail and mbedtls_entropy_func will return a success status? |
@yossi2le I don't know the characteristics of every HAL implementation of the TRNG for every supported CPU. I don't know how the entropy function actually works internally either. I also can't imagine that the TRNG actually has failed in a single case. But some users may have strict security policies that enforces key rotation when where is only a slight possibility for insecure keys. This is only suggestion, as I don't know ARM's or mbed's security policy. This is up to you to decide. |
CI started |
@yossi2le I just found this:
When mbedtls polls for entropy, it initializes a trng_t structure via trng_init every time, uses it, and then destroys it. As an example, on the STM-family of CPUs, only one trng_t structure can be created. mbed-os/targets/TARGET_STM/trng_api.c Line 37 in ab1c2be
When the ROT is generated in a separate task, whilst another TRNG operation in another Task is also running, the TRNG could actually fail. Or did I miss something? |
@boomer41 In regards to the STM example you provided, the system will halt if this situation will arise. the |
@yossi2le But I do think we don't understand each other. With "security message" i do mean some kind of email broadcasted to the users, informing them that already generated DeviceKeys may/could be insecure. If you do already mean this, I apologize. |
@boomer41 Thanks for the clarification. I apologize but I indeed misunderstood your request. I will pass your remark forward and I agree we should distribute this message out. |
Test run: FAILEDSummary: 1 of 11 test jobs failed Failed test jobs:
|
Restarted. |
Description
Fix security bug in DeviceKey's implementation.
With the current implementation, a possible failure of the TRNG cannot be noticed, as the return value in line 269 is immediately overriden in line 274.
When the TRNG somehow fails (e. g. not (yet) ready), the key may stay zeroed out. This is falsely reported back to the generation logic as a success, thus making the RootOfTrust possibly predictable.
This fix ensures that a failed TRNG is properly propagated back to the caller, and that the output is not used as ROT.
@Securityteam (if any): I'd suggest a small security notice to the users that the DeviceKey may be insecure, as the TRNG may have unknowingly failed.
Pull request type