Fix a few SecureStore issues (following preliminary security review) #8987


Merged
merged 1 commit into from
Dec 11, 2018

davidsaada
Contributor

@davidsaada davidsaada commented Dec 6, 2018

Description

This PR includes a few fixes to SecureStore, following a preliminary security review.

These include:

  • Remove the require integrity flag (authentication) - always authenticate
  • Use RBP KV to store CMAC also in write once case
  • Allow removing a key if reading it failed on RBP authentication error
  • Disable SecureStore if user disables MBED TLS AES CTR or CMAC in TLS config

Design docs modified as well.

Resolves #8865

Pull request type

[ ] Fix
[ ] Refactor
[ ] Target update
[x] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

@ciarmcom ciarmcom requested review from a team December 6, 2018 12:00
@ciarmcom
Member

ciarmcom commented Dec 6, 2018

@davidsaada, thank you for your changes.
@ARMmbed/mbed-os-storage @ARMmbed/mbed-os-maintainers please review.

@dannybenor

@jenia81 @shelib01 @evgenibo @TaniaMirzin @trianglee Please be aware of this change that is a result of a preliminary security review: REQUIRE_INTEGRITY_FLAG has been removed and authentication is now mandatory. Other security bugs solved.

@dannybenor

@AnotherButler This change will require changes in documentation. Will issue a PR

@davidsaada
Contributor Author

@0xc0170 @adbridge @dannybenor
I think we should try to push it to 5.11 RC3. This will actually become a breaking change if we don't (as we remove one of the SecureStore flags).

@0xc0170
Contributor

0xc0170 commented Dec 10, 2018

@davidsaada Anyone else who should review? We can start CI in the meantime

@0xc0170
Contributor

0xc0170 commented Dec 10, 2018

CI started

@davidsaada
Contributor Author

@0xc0170 please add @jlgarm

@mbed-ci

mbed-ci commented Dec 10, 2018

Test run: FAILED

Summary: 1 of 11 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_greentea-test

@cmonr cmonr requested a review from jlgarm December 10, 2018 19:10
@cmonr
Contributor

cmonr commented Dec 10, 2018

@davidsaada Please take a look at the get_info_existed_key test against K**F devices. They all failed in CI.

- Remove require integrity flag (authentication) - always authenticate
- Use RBP KV to store CMAC also in write once case
- Allow removing a key if reading it failed on RBP authentication error
- Disable SecureStore if user disables MBED TLS AES CTR or CMAC
@davidsaada davidsaada force-pushed the david_securestore_fixes branch from b533f9d to cb7f68e Compare December 10, 2018 21:35
@davidsaada
Contributor Author

@cmonr Should be OK now.

@cmonr cmonr removed the needs: work label Dec 11, 2018
@cmonr
Contributor

cmonr commented Dec 11, 2018

CI started

@mbed-ci

mbed-ci commented Dec 11, 2018

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 2
Build artifacts

@0xc0170 0xc0170 merged commit c180676 into ARMmbed:master Dec 11, 2018
@davidsaada davidsaada deleted the david_securestore_fixes branch December 12, 2018 16:01
Development

Successfully merging this pull request may close these issues.

SecureStore requires MBEDTLS_CIPHER_MODE_CTR to compile
7 participants