tpm2-tools: backport fix for CVE-2021-3565

tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.

To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Ralph Siemsen
2022-03-15 12:08:27 -04:00
committed by Armin Kuster
parent c74cc97641
commit de4e7fced9
2 changed files with 51 additions and 0 deletions
@@ -0,0 +1,48 @@
From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 21 May 2021 12:22:31 -0500
Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.
To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.
Fixes: #2738
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Upstream-Status: Backport
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
CVE: CVE-2021-3565
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
tools/tpm2_import.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
index 6404cac..acd8ac8 100644
--- a/tools/tpm2_import.c
+++ b/tools/tpm2_import.c
@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
TPM2B_DATA enc_sensitive_key = {
.size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
};
- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
+
+ if(enc_sensitive_key.size < 16) {
+ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
+ return tool_rc_general_error;
+ }
+
+ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
+ if (ossl_rc != 1) {
+ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
+ return tool_rc_general_error;
+ }
/*
* Calculate the object name.
@@ -6,7 +6,10 @@ SECTION = "tpm"
DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive" DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"
SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395" SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1" SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"