[meta-security][dunfell][PATCH] tpm2-tools: backport fix for CVE-2021-3565

[meta-security][dunfell][PATCH] tpm2-tools: backport fix for CVE-2021-3565

[Ralph Siemsen]

tpm2_import: fix fixed AES key CVE-2021-3565

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
Discussion items:

1) Perhaps dunfell should update 4.1.1 -> 4.1.3  ?
   There appear to be only two small fixes
   https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
   https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
   We still need this backport regardless.

2) hardknott and honister are on 5.0
   According to CVE configuration data, this version is not affected.
   But looking at the branch history suggests otherwise.
   The patch applies cleanly on top of 5.0.
   Should we backport? Or never mind as these branches are almost EOL?

3) master/kirkstone is on 5.2 which includes the fix already,
   no action needed for this one.

 ...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
 .../tpm2-tools/tpm2-tools_4.1.1.bb            |  3 ++
 2 files changed, 46 insertions(+)
 create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..4fceb2e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,43 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+     TPM2B_DATA enc_sensitive_key = {
+         .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+     };
+-    memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++    if(enc_sensitive_key.size < 16) {
++        LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++        return tool_rc_general_error;
++    }
++
++    int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++    if (ossl_rc != 1) {
++        LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++        return tool_rc_general_error;
++    }
+ 
+     /*
+      * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"
 
 DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
 
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
 SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"
 
 SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
 SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
-- 
2.25.1

Re: [yocto] [meta-security][dunfell][PATCH] tpm2-tools: backport fix for CVE-2021-3565

[akuster808]

On 3/14/22 12:44, Ralph Siemsen wrote:
> tpm2_import: fix fixed AES key CVE-2021-3565
>
> Upstream commit (with offset adjusted)
> https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
>
> Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> ---
> Discussion items:
>
> 1) Perhaps dunfell should update 4.1.1 -> 4.1.3  ?
>     There appear to be only two small fixes
>     https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
>     https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
>     We still need this backport regardless.
I would take an update to 4.1.3.

>
> 2) hardknott and honister are on 5.0
>     According to CVE configuration data, this version is not affected.
>     But looking at the branch history suggests otherwise.
>     The patch applies cleanly on top of 5.0.
>     Should we backport? Or never mind as these branches are almost EOL?
>
> 3) master/kirkstone is on 5.2 which includes the fix already,
>     no action needed for this one.

Thanks for the analysis, much appreciated.

>
>   ...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
>   .../tpm2-tools/tpm2-tools_4.1.1.bb            |  3 ++
>   2 files changed, 46 insertions(+)
>   create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
>
> diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
> new file mode 100644
> index 0000000..4fceb2e
> --- /dev/null
> +++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
> @@ -0,0 +1,43 @@
> +From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
> +From: William Roberts <william.c.roberts@intel.com>
> +Date: Fri, 21 May 2021 12:22:31 -0500
> +Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
> +
> +tpm2_import used a fixed AES key for the inner wrapper, which means that
> +a MITM attack would be able to unwrap the imported key. Even the
> +use of an encrypted session will not prevent this. The TPM only
> +encrypts the first parameter which is the fixed symmetric key.
> +
> +To fix this, ensure the key size is 16 bytes or bigger and use
> +OpenSSL to generate a secure random AES key.
> +
> +Fixes: #2738
> +
> +Signed-off-by: William Roberts <william.c.roberts@intel.com>




> +---
> + tools/tpm2_import.c | 12 +++++++++++-
> + 1 file changed, 11 insertions(+), 1 deletion(-)Upstream commit (with offset adjusted)
> https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
>
> Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Missing the Standard OE patch format. The patch itself needs this 
additional meta data.
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines

Needs these too:

Upstream-Status:
CVE:

-armin
> +
> +diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
> +index 6404cac..acd8ac8 100644
> +--- a/tools/tpm2_import.c
> ++++ b/tools/tpm2_import.c
> +@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
> +     TPM2B_DATA enc_sensitive_key = {
> +         .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
> +     };
> +-    memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
> ++
> ++    if(enc_sensitive_key.size < 16) {
> ++        LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
> ++        return tool_rc_general_error;
> ++    }
> ++
> ++    int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
> ++    if (ossl_rc != 1) {
> ++        LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
> ++        return tool_rc_general_error;
> ++    }
> +
> +     /*
> +      * Calculate the object name.
> diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
> index e90dcfe..f013fa1 100644
> --- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
> +++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
> @@ -6,7 +6,10 @@ SECTION = "tpm"
>   
>   DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
>   
> +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
> +
>   SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
> +SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"
>   
>   SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
>   SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#56428): https://lists.yoctoproject.org/g/yocto/message/56428
> Mute This Topic: https://lists.yoctoproject.org/mt/89782420/3616698
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

[meta-security][dunfell][PATCH v2] tpm2-tools: backport fix for CVE-2021-3565

[Ralph Siemsen]

tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.

To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
Changes in v2:
- added OE metadata to patch file, hopefully correctly
- separate patch to update v4.1.1 -> 4.1.3 will follow

 ...port-fix-fixed-AES-key-CVE-2021-3565.patch | 48 +++++++++++++++++++
 .../tpm2-tools/tpm2-tools_4.1.1.bb            |  3 ++
 2 files changed, 51 insertions(+)
 create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..3832063
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,48 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+
+Upstream-Status: Backport
+https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
+CVE: CVE-2021-3565
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+     TPM2B_DATA enc_sensitive_key = {
+         .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+     };
+-    memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++    if(enc_sensitive_key.size < 16) {
++        LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++        return tool_rc_general_error;
++    }
++
++    int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++    if (ossl_rc != 1) {
++        LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++        return tool_rc_general_error;
++    }
+ 
+     /*
+      * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"
 
 DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
 
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
 SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"
 
 SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
 SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
-- 
2.25.1

Re: [yocto] [meta-security][dunfell][PATCH v2] tpm2-tools: backport fix for CVE-2021-3565

[Ralph Siemsen]

Hi Armin,

I noticed that this patch, as well as the version bump to 4.1.3, have
landed in the dunfell-next branch of meta-security.

Curiously though, the dunfell branch contains quite a few more recent
commits, which are not in dunfell-next.

Just wondering if this is normal? Will the tpm2-tools patches appear
in dunfell branch eventually?

Thanks,
Ralph




On Tue, Mar 15, 2022 at 12:08 PM Ralph Siemsen via
lists.yoctoproject.org
<ralph.siemsen=linaro.org@lists.yoctoproject.org> wrote:
>
> tpm2_import used a fixed AES key for the inner wrapper, which means that
> a MITM attack would be able to unwrap the imported key. Even the
> use of an encrypted session will not prevent this. The TPM only
> encrypts the first parameter which is the fixed symmetric key.
>
> To fix this, ensure the key size is 16 bytes or bigger and use
> OpenSSL to generate a secure random AES key.
>
> Upstream commit (with offset adjusted)
> https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
>
> Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> ---
> Changes in v2:
> - added OE metadata to patch file, hopefully correctly
> - separate patch to update v4.1.1 -> 4.1.3 will follow
>
>  ...port-fix-fixed-AES-key-CVE-2021-3565.patch | 48 +++++++++++++++++++
>  .../tpm2-tools/tpm2-tools_4.1.1.bb            |  3 ++
>  2 files changed, 51 insertions(+)
>  create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
>
> diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
> new file mode 100644
> index 0000000..3832063
> --- /dev/null
> +++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
> @@ -0,0 +1,48 @@
> +From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
> +From: William Roberts <william.c.roberts@intel.com>
> +Date: Fri, 21 May 2021 12:22:31 -0500
> +Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
> +
> +tpm2_import used a fixed AES key for the inner wrapper, which means that
> +a MITM attack would be able to unwrap the imported key. Even the
> +use of an encrypted session will not prevent this. The TPM only
> +encrypts the first parameter which is the fixed symmetric key.
> +
> +To fix this, ensure the key size is 16 bytes or bigger and use
> +OpenSSL to generate a secure random AES key.
> +
> +Fixes: #2738
> +
> +Signed-off-by: William Roberts <william.c.roberts@intel.com>
> +
> +Upstream-Status: Backport
> +https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
> +CVE: CVE-2021-3565
> +Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> +---
> + tools/tpm2_import.c | 12 +++++++++++-
> + 1 file changed, 11 insertions(+), 1 deletion(-)
> +
> +diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
> +index 6404cac..acd8ac8 100644
> +--- a/tools/tpm2_import.c
> ++++ b/tools/tpm2_import.c
> +@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
> +     TPM2B_DATA enc_sensitive_key = {
> +         .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
> +     };
> +-    memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
> ++
> ++    if(enc_sensitive_key.size < 16) {
> ++        LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
> ++        return tool_rc_general_error;
> ++    }
> ++
> ++    int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
> ++    if (ossl_rc != 1) {
> ++        LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
> ++        return tool_rc_general_error;
> ++    }
> +
> +     /*
> +      * Calculate the object name.
> diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
> index e90dcfe..f013fa1 100644
> --- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
> +++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
> @@ -6,7 +6,10 @@ SECTION = "tpm"
>
>  DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
>
> +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
> +
>  SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
> +SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"
>
>  SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
>  SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#56445): https://lists.yoctoproject.org/g/yocto/message/56445
> Mute This Topic: https://lists.yoctoproject.org/mt/89801319/3616981
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [ralph.siemsen@linaro.org]
> -=-=-=-=-=-=-=-=-=-=-=-
>