Memory corruption when reading public key modulus from SPI flash to RAM #3
Comments
|
I just noticed that a similar problem occurs in another function, shown below. This time, the first argument (the flash ID) is Once again an attacker can tamper with SPI flash to control |
|
Another example of an attacker-controlled modulus length is shown in these few lines of code: |
|
This same pattern with an attacker-controlled |
|
Finally, one last example of trusting the modulus size is here: |
|
Hi Jeremyncc, Tx for the update. We are working on addressing the issue by proper validation before use. As mentioned AST1060 uses an internal flash but there may be others in future who can have external flash. |
|
Thanks. BTW, as I showed in the second comment above (#3 (comment)), some of these examples do, in fact, appear to be reading from external flash instead of the internal one. |
|
any update on these? |
|
Hi Jeremy Boone, We are working on this. We will close this issue by End of Jan 2023. Regards, |
|
Hi @vigneshs88, any update on this? |
|
Hi Jeremy Boone, Next release is planned in end of Feb/early March. These fixes will be part of the release. |
|
Hi @vigneshs88 , your target date of late-Feb/early-March has passed. When is the next release planned? |
|
Hi @jeremyncc, The release is planned on or before the 2nd week of Apr 2023. Regards, |
|
Hi @vigneshs88. I just reviewed the commit (d6d935e) that refactored the repo. I noticed that not all of these memory safety problems have been resolved. I've summarized the results of my review below. Do you intend to fix these vulnerabilities? I intend to write a blog post about PFR and HRoT security, and will reference these bugs in that blog post, so I would appreciate if you could provide an ETA so that I can coordinate publication. Issue 1:File: cerberus/cerberus_pfr_common.c The code now reads the entire pubkey in one shot. Issue 2:File: cerberus_pfr_verification.c This function has not changed. The input validation problems still exist.
Issue 3:File: cerberus/cerberus_pfr_verification.c The code now reads the entire pubkey in one shot. Issue 4:File: engineManager/engine_manager.c The function has not changed. This code is very similar to Issue 5:File: keystore/KeystoreManager.c The function has not changed. This code continues to read |
|
Hi @jeremyncc, With Regards, |
|
Hi again. May 12th has past. I'm wondering when this patch will land as I plan on publishing a security advisory (blog post) for these vulnerabilities. |
|
Hi @jeremyncc , We have reviewed the code and the three functions cerberus_read_public_key, read_rsa_public_key, and keystore_get_root_key are not part of the code flow. These functions will be removed. Thank you for your patience. With Regards, |
|
Thanks. I appreciate the update. |
In the following function, a 16-bit
key_lengthvalue is read from SPI flash, and is then used as the size argument to a subsequentpfr_spi_read()call.https://github.com/opencomputeproject/Tektagon-OpenEdition/blob/f7350a3a175373532f2ecafc82745a827397d4a8/zephyr/FunctionalBlocks/Pfr/cerberus/cerberus_pfr_common.c#L381-L388
If a physical attacker has tampered with the contents of SPI flash, they could replace the
key_lengthfield with an excessively large value. If this value was larger thanRSA_KEY_LENGTH_4K(512 bytes), then memory corruption will occur when copying the public key modulus from flash into RAM.Between the first and second calls to
pfr_spi_read()checkkey_lengthto ensure it is not larger thansizeof(public_key->modulus).Edited to add: I noticed that the AST1060 uses internal flash, so it may not be possible for an adversary to tamper with the public key as described in this report. Are there other platform configurations that use external flash?
The text was updated successfully, but these errors were encountered: