Memory revelation in KeySetData serialization #22054

Closed
@tcarmelveilleux

Description

Problem

  • Dynamic runtime analysis at Google found that random data from memory was stored in persistent storage in unused key slots, possibly revealing memory at the time of storage, and also storing garbage data.

Stack frame

#0 0x7f47f5827cd4 in chip::Credentials::KeySetData::Serialize(chip::TLV::TLVWriter&) const [src/credentials/GroupDataProviderImpl.cpp:785]
#1 0x7f47f581ea0b in Save [src/credentials/GroupDataProviderImpl.cpp:60]
#2 0x7f47f581ea0b in chip::Credentials::GroupDataProviderImpl::SetKeySet(unsigned char, chip::Span<unsigned char const> const&, chip::Credentials::GroupDataProvider::KeySet const&) [src/credentials/GroupDataProviderImpl.cpp:1615] 
#3 0x7f47fd9d8301 in chip::Credentials::SetSingleIpkEpochKey(chip::Credentials::GroupDataProvider*, unsigned char, chip::Span<unsigned char const> const&, chip::Span<unsigned char const> const&) [src/credentials/GroupDataProvider.h:395]..... 

Proposed Solution

  • Use default values in the slots beyond the last one used by a real key
  • Cannot avoid writing entries without breaking already commissioned devices' storage format. Therefore blank entries must be written to remain compatible.
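
The proposed fix, sketched as an added example (not the project's code and not from the issue author): a fixed-slot record is serialized once with the unused slots copied as-is and once with default values written past the last real key, keeping the record size unchanged. The `DemoKey`/`DemoKeySet` layout, the byte encoding, and all function names are hypothetical stand-ins for `KeySetData` and its TLV format.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical, simplified layout (assumption: not the real KeySetData or TLV encoding).
constexpr std::size_t kSlots = 3;   // fixed slot count in the stored record
constexpr std::size_t kKeyLen = 16;
struct DemoKey { uint64_t start_time; uint8_t key[kKeyLen]; };
struct DemoKeySet { uint8_t num_keys_used; DemoKey keys[kSlots]; };

static void put_slot(std::vector<uint8_t>& out, const DemoKey& k) {
    for (int i = 0; i < 8; ++i) out.push_back(uint8_t(k.start_time >> (8 * i)));
    out.insert(out.end(), k.key, k.key + kKeyLen);
}

// Before: every slot is written as-is, so unused slots carry whatever was in memory.
std::vector<uint8_t> serialize_leaky(const DemoKeySet& ks) {
    std::vector<uint8_t> out{ks.num_keys_used};
    for (std::size_t i = 0; i < kSlots; ++i) put_slot(out, ks.keys[i]);
    return out;
}

// After: same slot count and record size, but slots past the last real key are defaults.
std::vector<uint8_t> serialize_blanked(const DemoKeySet& ks) {
    std::vector<uint8_t> out{ks.num_keys_used};
    const DemoKey blank{};  // value-initialized: all zero
    for (std::size_t i = 0; i < kSlots; ++i)
        put_slot(out, i < ks.num_keys_used ? ks.keys[i] : blank);
    return out;
}

// Constructed input: one real key; 0xAA fill stands in for stale memory in unused slots.
DemoKeySet make_sample() {
    DemoKeySet ks;
    std::memset(&ks, 0xAA, sizeof ks);
    ks.num_keys_used = 1;
    ks.keys[0].start_time = 1;
    std::memset(ks.keys[0].key, 0x11, kKeyLen);
    return ks;
}

// Counts stale 0xAA bytes that reached the serialized record.
std::size_t stale_bytes(const std::vector<uint8_t>& rec) {
    std::size_t n = 0;
    for (uint8_t b : rec) n += (b == 0xAA);
    return n;
}
int main() { return stale_bytes(serialize_blanked(make_sample())) == 0 ? 0 : 1; }
```

Records already in storage that were written the old way still hold the stale bytes until the key set is saved again.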
