[SRU,X/master,pull-req] CVE-2018-5383: Bluetooth info leak
mbox series

Message ID 20190717142115.GA9914@harukaze
State New
Headers show
Series
  • [SRU,X/master,pull-req] CVE-2018-5383: Bluetooth info leak
Related show

Pull-request

git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3

Message

Paolo Pisati July 17, 2019, 2:21 p.m. UTC
Bluetooth firmware or operating system software drivers may not sufficiently
validate elliptic curve parameters used to generate public keys during a
Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
encryption key used by the device.

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html

According to Intel, linux-4.4.y is affected, but backporting the upstream fix
was not feasible (net/bluetooth/ecc.c, that is shipped in 4.4, has a different
provenance than crypto/ecc.c, that is the recent upstream implementation).
Linux 4.12+ completely removed net/blueooth/ecc.c and replaced it with the
crypto module ecdh (the one that received the cve fix upstream), and this is a
backport of that crypto module (plus all the necessary commits to make the
backport apply cleanly), and the actual cve fix.

The result is a clean cherry-pick from upstream (with some mechanical
modification), tested on a Xenial amd64 box, succesfully connecting it via
bluetooth to several devices (audio, hid, mobile) and exhanging different data
streams (audio, files, etc).

The following changes since commit 3693aaff5f5b24a250ecb936f320d0a5849bf62b:

  UBUNTU: Ubuntu-4.4.0-143.169 (2019-02-06 10:39:59 +0000)

are available in the git repository at:

  git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3

for you to fetch changes up to 7a716e4ece23d2d9f86aa58d45500df7429fd2b3:

  crypto: ecdh - add public key verification test (2019-07-17 13:52:51 +0000)

----------------------------------------------------------------
Paolo Pisati (1):
      UBUNTU: [Config] CRYPTO_ECDH=m

Pierre (1):
      crypto: ecc - Fix NULL pointer deref. on no default_rng

Salvatore Benedetto (4):
      crypto: kpp - Key-agreement Protocol Primitives API (KPP)
      crypto: dh - Add DH software implementation
      crypto: ecdh - Add ECDH software support
      Bluetooth: convert smp and selftest to crypto kpp API

Stephan Mueller (2):
      crypto: doc - add KPP documentation
      crypto: ecdh - add public key verification test

Stephen Rothwell (1):
      crypto: ecdh - make ecdh_shared_secret unique

Tudor-Dan Ambarus (5):
      crypto: kpp, (ec)dh - fix typos
      crypto: ecc - remove unused function arguments
      crypto: ecc - remove unnecessary casts
      crypto: ecc - rename ecdh_make_pub_key()
      crypto: ecdh - add privkey generation support

 Documentation/crypto/api-kpp.rst          |   92 +++
 crypto/Kconfig                            |   24 +
 crypto/Makefile                           |   10 +
 crypto/crypto_user.c                      |   20 +
 crypto/dh.c                               |  189 +++++
 crypto/dh_helper.c                        |   95 +++
 crypto/ecc.c                              | 1104 +++++++++++++++++++++++++++++
 crypto/ecc.h                              |   92 +++
 crypto/ecc_curve_defs.h                   |   71 ++
 crypto/ecdh.c                             |  153 ++++
 crypto/ecdh_helper.c                      |   86 +++
 crypto/kpp.c                              |  123 ++++
 crypto/testmgr.c                          |  154 ++++
 crypto/testmgr.h                          |  323 +++++++++
 debian.master/config/config.common.ubuntu |    3 +
 include/crypto/dh.h                       |   87 +++
 include/crypto/ecdh.h                     |   88 +++
 include/crypto/internal/kpp.h             |   64 ++
 include/crypto/kpp.h                      |  339 +++++++++
 include/linux/crypto.h                    |    1 +
 include/uapi/linux/cryptouser.h           |    5 +
 net/bluetooth/Kconfig                     |    1 +
 net/bluetooth/Makefile                    |    2 +-
 net/bluetooth/ecc.c                       |  816 ---------------------
 net/bluetooth/ecc.h                       |   54 --
 net/bluetooth/ecdh_helper.c               |  223 ++++++
 net/bluetooth/ecdh_helper.h               |   27 +
 net/bluetooth/selftest.c                  |    6 +-
 net/bluetooth/smp.c                       |    8 +-
 29 files changed, 3382 insertions(+), 878 deletions(-)
 create mode 100644 Documentation/crypto/api-kpp.rst
 create mode 100644 crypto/dh.c
 create mode 100644 crypto/dh_helper.c
 create mode 100644 crypto/ecc.c
 create mode 100644 crypto/ecc.h
 create mode 100644 crypto/ecc_curve_defs.h
 create mode 100644 crypto/ecdh.c
 create mode 100644 crypto/ecdh_helper.c
 create mode 100644 crypto/kpp.c
 create mode 100644 include/crypto/dh.h
 create mode 100644 include/crypto/ecdh.h
 create mode 100644 include/crypto/internal/kpp.h
 create mode 100644 include/crypto/kpp.h
 delete mode 100644 net/bluetooth/ecc.c
 delete mode 100644 net/bluetooth/ecc.h
 create mode 100644 net/bluetooth/ecdh_helper.c
 create mode 100644 net/bluetooth/ecdh_helper.h

Comments

Stefan Bader July 18, 2019, 9:01 a.m. UTC | #1
On 17.07.19 16:21, Paolo Pisati wrote:
> git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3

OK, the majority of delta is adding new crypto implementation which should only
be opt-in and thus only matter for the bluetooth part which gets its internal
implementation replaced. Only small thing: for better bisection, should not

UBUNTU: [Config] CRYPTO_ECDH=m

moved before

Bluetooth: convert smp and selftest to crypto kpp API

?

Acked-by: Stefan Bader <stefan.bader@canonical.com>
Paolo Pisati July 18, 2019, 9:10 a.m. UTC | #2
On Thu, Jul 18, 2019 at 11:01 AM Stefan Bader
<stefan.bader@canonical.com> wrote:
>
> On 17.07.19 16:21, Paolo Pisati wrote:
> > git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3
>
> OK, the majority of delta is adding new crypto implementation which should only
> be opt-in and thus only matter for the bluetooth part which gets its internal
> implementation replaced. Only small thing: for better bisection, should not
>
> UBUNTU: [Config] CRYPTO_ECDH=m
>
> moved before
>
> Bluetooth: convert smp and selftest to crypto kpp API
>
> ?

Yeah, probably it makes sense to invert the two.
Connor Kuehl July 22, 2019, 6:20 p.m. UTC | #3
On 7/17/19 7:21 AM, Paolo Pisati wrote:
> Bluetooth firmware or operating system software drivers may not sufficiently
> validate elliptic curve parameters used to generate public keys during a
> Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
> encryption key used by the device.
> 
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html
> 
> According to Intel, linux-4.4.y is affected, but backporting the upstream fix
> was not feasible (net/bluetooth/ecc.c, that is shipped in 4.4, has a different
> provenance than crypto/ecc.c, that is the recent upstream implementation).
> Linux 4.12+ completely removed net/blueooth/ecc.c and replaced it with the
> crypto module ecdh (the one that received the cve fix upstream), and this is a
> backport of that crypto module (plus all the necessary commits to make the
> backport apply cleanly), and the actual cve fix.
> 
> The result is a clean cherry-pick from upstream (with some mechanical
> modification), tested on a Xenial amd64 box, succesfully connecting it via
> bluetooth to several devices (audio, hid, mobile) and exhanging different data
> streams (audio, files, etc).
> 
> The following changes since commit 3693aaff5f5b24a250ecb936f320d0a5849bf62b:
> 
>   UBUNTU: Ubuntu-4.4.0-143.169 (2019-02-06 10:39:59 +0000)
> 
> are available in the git repository at:
> 
>   git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3
> 
> for you to fetch changes up to 7a716e4ece23d2d9f86aa58d45500df7429fd2b3:
> 
>   crypto: ecdh - add public key verification test (2019-07-17 13:52:51 +0000)
> 
> ----------------------------------------------------------------
> Paolo Pisati (1):
>       UBUNTU: [Config] CRYPTO_ECDH=m
> 
> Pierre (1):
>       crypto: ecc - Fix NULL pointer deref. on no default_rng
> 
> Salvatore Benedetto (4):
>       crypto: kpp - Key-agreement Protocol Primitives API (KPP)
>       crypto: dh - Add DH software implementation
>       crypto: ecdh - Add ECDH software support
>       Bluetooth: convert smp and selftest to crypto kpp API
> 
> Stephan Mueller (2):
>       crypto: doc - add KPP documentation
>       crypto: ecdh - add public key verification test
> 
> Stephen Rothwell (1):
>       crypto: ecdh - make ecdh_shared_secret unique
> 
> Tudor-Dan Ambarus (5):
>       crypto: kpp, (ec)dh - fix typos
>       crypto: ecc - remove unused function arguments
>       crypto: ecc - remove unnecessary casts
>       crypto: ecc - rename ecdh_make_pub_key()
>       crypto: ecdh - add privkey generation support
> 
>  Documentation/crypto/api-kpp.rst          |   92 +++
>  crypto/Kconfig                            |   24 +
>  crypto/Makefile                           |   10 +
>  crypto/crypto_user.c                      |   20 +
>  crypto/dh.c                               |  189 +++++
>  crypto/dh_helper.c                        |   95 +++
>  crypto/ecc.c                              | 1104 +++++++++++++++++++++++++++++
>  crypto/ecc.h                              |   92 +++
>  crypto/ecc_curve_defs.h                   |   71 ++
>  crypto/ecdh.c                             |  153 ++++
>  crypto/ecdh_helper.c                      |   86 +++
>  crypto/kpp.c                              |  123 ++++
>  crypto/testmgr.c                          |  154 ++++
>  crypto/testmgr.h                          |  323 +++++++++
>  debian.master/config/config.common.ubuntu |    3 +
>  include/crypto/dh.h                       |   87 +++
>  include/crypto/ecdh.h                     |   88 +++
>  include/crypto/internal/kpp.h             |   64 ++
>  include/crypto/kpp.h                      |  339 +++++++++
>  include/linux/crypto.h                    |    1 +
>  include/uapi/linux/cryptouser.h           |    5 +
>  net/bluetooth/Kconfig                     |    1 +
>  net/bluetooth/Makefile                    |    2 +-
>  net/bluetooth/ecc.c                       |  816 ---------------------
>  net/bluetooth/ecc.h                       |   54 --
>  net/bluetooth/ecdh_helper.c               |  223 ++++++
>  net/bluetooth/ecdh_helper.h               |   27 +
>  net/bluetooth/selftest.c                  |    6 +-
>  net/bluetooth/smp.c                       |    8 +-
>  29 files changed, 3382 insertions(+), 878 deletions(-)
>  create mode 100644 Documentation/crypto/api-kpp.rst
>  create mode 100644 crypto/dh.c
>  create mode 100644 crypto/dh_helper.c
>  create mode 100644 crypto/ecc.c
>  create mode 100644 crypto/ecc.h
>  create mode 100644 crypto/ecc_curve_defs.h
>  create mode 100644 crypto/ecdh.c
>  create mode 100644 crypto/ecdh_helper.c
>  create mode 100644 crypto/kpp.c
>  create mode 100644 include/crypto/dh.h
>  create mode 100644 include/crypto/ecdh.h
>  create mode 100644 include/crypto/internal/kpp.h
>  create mode 100644 include/crypto/kpp.h
>  delete mode 100644 net/bluetooth/ecc.c
>  delete mode 100644 net/bluetooth/ecc.h
>  create mode 100644 net/bluetooth/ecdh_helper.c
>  create mode 100644 net/bluetooth/ecdh_helper.h
> 

Acked-by: Connor Kuehl <connor.kuehl@canonical.com>
Khaled Elmously July 23, 2019, 5:18 a.m. UTC | #4
Reversed order of "UBUNTU: [Config] CRYPTO_ECDH=m" and "Bluetooth: convert smp and selftest to crypto kpp API"



On 2019-07-17 16:21:15 , Paolo Pisati wrote:
> Bluetooth firmware or operating system software drivers may not sufficiently
> validate elliptic curve parameters used to generate public keys during a
> Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
> encryption key used by the device.
> 
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html
> 
> According to Intel, linux-4.4.y is affected, but backporting the upstream fix
> was not feasible (net/bluetooth/ecc.c, that is shipped in 4.4, has a different
> provenance than crypto/ecc.c, that is the recent upstream implementation).
> Linux 4.12+ completely removed net/blueooth/ecc.c and replaced it with the
> crypto module ecdh (the one that received the cve fix upstream), and this is a
> backport of that crypto module (plus all the necessary commits to make the
> backport apply cleanly), and the actual cve fix.
> 
> The result is a clean cherry-pick from upstream (with some mechanical
> modification), tested on a Xenial amd64 box, succesfully connecting it via
> bluetooth to several devices (audio, hid, mobile) and exhanging different data
> streams (audio, files, etc).
> 
> The following changes since commit 3693aaff5f5b24a250ecb936f320d0a5849bf62b:
> 
>   UBUNTU: Ubuntu-4.4.0-143.169 (2019-02-06 10:39:59 +0000)
> 
> are available in the git repository at:
> 
>   git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3
> 
> for you to fetch changes up to 7a716e4ece23d2d9f86aa58d45500df7429fd2b3:
> 
>   crypto: ecdh - add public key verification test (2019-07-17 13:52:51 +0000)
> 
> ----------------------------------------------------------------
> Paolo Pisati (1):
>       UBUNTU: [Config] CRYPTO_ECDH=m
> 
> Pierre (1):
>       crypto: ecc - Fix NULL pointer deref. on no default_rng
> 
> Salvatore Benedetto (4):
>       crypto: kpp - Key-agreement Protocol Primitives API (KPP)
>       crypto: dh - Add DH software implementation
>       crypto: ecdh - Add ECDH software support
>       Bluetooth: convert smp and selftest to crypto kpp API
> 
> Stephan Mueller (2):
>       crypto: doc - add KPP documentation
>       crypto: ecdh - add public key verification test
> 
> Stephen Rothwell (1):
>       crypto: ecdh - make ecdh_shared_secret unique
> 
> Tudor-Dan Ambarus (5):
>       crypto: kpp, (ec)dh - fix typos
>       crypto: ecc - remove unused function arguments
>       crypto: ecc - remove unnecessary casts
>       crypto: ecc - rename ecdh_make_pub_key()
>       crypto: ecdh - add privkey generation support
> 
>  Documentation/crypto/api-kpp.rst          |   92 +++
>  crypto/Kconfig                            |   24 +
>  crypto/Makefile                           |   10 +
>  crypto/crypto_user.c                      |   20 +
>  crypto/dh.c                               |  189 +++++
>  crypto/dh_helper.c                        |   95 +++
>  crypto/ecc.c                              | 1104 +++++++++++++++++++++++++++++
>  crypto/ecc.h                              |   92 +++
>  crypto/ecc_curve_defs.h                   |   71 ++
>  crypto/ecdh.c                             |  153 ++++
>  crypto/ecdh_helper.c                      |   86 +++
>  crypto/kpp.c                              |  123 ++++
>  crypto/testmgr.c                          |  154 ++++
>  crypto/testmgr.h                          |  323 +++++++++
>  debian.master/config/config.common.ubuntu |    3 +
>  include/crypto/dh.h                       |   87 +++
>  include/crypto/ecdh.h                     |   88 +++
>  include/crypto/internal/kpp.h             |   64 ++
>  include/crypto/kpp.h                      |  339 +++++++++
>  include/linux/crypto.h                    |    1 +
>  include/uapi/linux/cryptouser.h           |    5 +
>  net/bluetooth/Kconfig                     |    1 +
>  net/bluetooth/Makefile                    |    2 +-
>  net/bluetooth/ecc.c                       |  816 ---------------------
>  net/bluetooth/ecc.h                       |   54 --
>  net/bluetooth/ecdh_helper.c               |  223 ++++++
>  net/bluetooth/ecdh_helper.h               |   27 +
>  net/bluetooth/selftest.c                  |    6 +-
>  net/bluetooth/smp.c                       |    8 +-
>  29 files changed, 3382 insertions(+), 878 deletions(-)
>  create mode 100644 Documentation/crypto/api-kpp.rst
>  create mode 100644 crypto/dh.c
>  create mode 100644 crypto/dh_helper.c
>  create mode 100644 crypto/ecc.c
>  create mode 100644 crypto/ecc.h
>  create mode 100644 crypto/ecc_curve_defs.h
>  create mode 100644 crypto/ecdh.c
>  create mode 100644 crypto/ecdh_helper.c
>  create mode 100644 crypto/kpp.c
>  create mode 100644 include/crypto/dh.h
>  create mode 100644 include/crypto/ecdh.h
>  create mode 100644 include/crypto/internal/kpp.h
>  create mode 100644 include/crypto/kpp.h
>  delete mode 100644 net/bluetooth/ecc.c
>  delete mode 100644 net/bluetooth/ecc.h
>  create mode 100644 net/bluetooth/ecdh_helper.c
>  create mode 100644 net/bluetooth/ecdh_helper.h
> -- 
> bye,
> p.
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team