From patchwork Wed Jul 17 14:21:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Pisati X-Patchwork-Id: 1133332 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 45pfZr5yHQz9sDB; Thu, 18 Jul 2019 00:21:24 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1hnko1-0007v0-RW; Wed, 17 Jul 2019 14:21:17 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1hnknz-0007u0-UP for kernel-team@lists.ubuntu.com; Wed, 17 Jul 2019 14:21:15 +0000 Received: from 1.general.ppisati.uk.vpn ([10.172.193.134] helo=canonical.com) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1hnknz-0001Gx-IO for kernel-team@lists.ubuntu.com; Wed, 17 Jul 2019 14:21:15 +0000 Date: Wed, 17 Jul 2019 16:21:15 +0200 From: Paolo Pisati To: Ubuntu Kernel Team Subject: [SRU][X/master][pull-req] CVE-2018-5383: Bluetooth info leak Message-ID: <20190717142115.GA9914@harukaze> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html According to Intel, linux-4.4.y is affected, but backporting the upstream fix was not feasible (net/bluetooth/ecc.c, that is shipped in 4.4, has a different provenance than crypto/ecc.c, that is the recent upstream implementation). Linux 4.12+ completely removed net/blueooth/ecc.c and replaced it with the crypto module ecdh (the one that received the cve fix upstream), and this is a backport of that crypto module (plus all the necessary commits to make the backport apply cleanly), and the actual cve fix. The result is a clean cherry-pick from upstream (with some mechanical modification), tested on a Xenial amd64 box, succesfully connecting it via bluetooth to several devices (audio, hid, mobile) and exhanging different data streams (audio, files, etc). The following changes since commit 3693aaff5f5b24a250ecb936f320d0a5849bf62b: UBUNTU: Ubuntu-4.4.0-143.169 (2019-02-06 10:39:59 +0000) are available in the git repository at: git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3 for you to fetch changes up to 7a716e4ece23d2d9f86aa58d45500df7429fd2b3: crypto: ecdh - add public key verification test (2019-07-17 13:52:51 +0000) ---------------------------------------------------------------- Paolo Pisati (1): UBUNTU: [Config] CRYPTO_ECDH=m Pierre (1): crypto: ecc - Fix NULL pointer deref. on no default_rng Salvatore Benedetto (4): crypto: kpp - Key-agreement Protocol Primitives API (KPP) crypto: dh - Add DH software implementation crypto: ecdh - Add ECDH software support Bluetooth: convert smp and selftest to crypto kpp API Stephan Mueller (2): crypto: doc - add KPP documentation crypto: ecdh - add public key verification test Stephen Rothwell (1): crypto: ecdh - make ecdh_shared_secret unique Tudor-Dan Ambarus (5): crypto: kpp, (ec)dh - fix typos crypto: ecc - remove unused function arguments crypto: ecc - remove unnecessary casts crypto: ecc - rename ecdh_make_pub_key() crypto: ecdh - add privkey generation support Documentation/crypto/api-kpp.rst | 92 +++ crypto/Kconfig | 24 + crypto/Makefile | 10 + crypto/crypto_user.c | 20 + crypto/dh.c | 189 +++++ crypto/dh_helper.c | 95 +++ crypto/ecc.c | 1104 +++++++++++++++++++++++++++++ crypto/ecc.h | 92 +++ crypto/ecc_curve_defs.h | 71 ++ crypto/ecdh.c | 153 ++++ crypto/ecdh_helper.c | 86 +++ crypto/kpp.c | 123 ++++ crypto/testmgr.c | 154 ++++ crypto/testmgr.h | 323 +++++++++ debian.master/config/config.common.ubuntu | 3 + include/crypto/dh.h | 87 +++ include/crypto/ecdh.h | 88 +++ include/crypto/internal/kpp.h | 64 ++ include/crypto/kpp.h | 339 +++++++++ include/linux/crypto.h | 1 + include/uapi/linux/cryptouser.h | 5 + net/bluetooth/Kconfig | 1 + net/bluetooth/Makefile | 2 +- net/bluetooth/ecc.c | 816 --------------------- net/bluetooth/ecc.h | 54 -- net/bluetooth/ecdh_helper.c | 223 ++++++ net/bluetooth/ecdh_helper.h | 27 + net/bluetooth/selftest.c | 6 +- net/bluetooth/smp.c | 8 +- 29 files changed, 3382 insertions(+), 878 deletions(-) create mode 100644 Documentation/crypto/api-kpp.rst create mode 100644 crypto/dh.c create mode 100644 crypto/dh_helper.c create mode 100644 crypto/ecc.c create mode 100644 crypto/ecc.h create mode 100644 crypto/ecc_curve_defs.h create mode 100644 crypto/ecdh.c create mode 100644 crypto/ecdh_helper.c create mode 100644 crypto/kpp.c create mode 100644 include/crypto/dh.h create mode 100644 include/crypto/ecdh.h create mode 100644 include/crypto/internal/kpp.h create mode 100644 include/crypto/kpp.h delete mode 100644 net/bluetooth/ecc.c delete mode 100644 net/bluetooth/ecc.h create mode 100644 net/bluetooth/ecdh_helper.c create mode 100644 net/bluetooth/ecdh_helper.h Acked-by: Stefan Bader Acked-by: Connor Kuehl