• State
  • Locked Locked
  • Replies 0 replies
  • Subscribers 51 subscribers
  • Views 1773 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

[FAQ] CC254x OAD: AES CTR crypto implementation vulnerability

Marie H
Guru 67811 points
Other Parts Discussed in Thread: CC2541, CC2540, BLE-STACK

Summary

In the CC254x OAD solution:

  • aesCrypt function in EBL/app/sbl_exec.c is used to encrypt the OAD image (64 bytes of data at a time)
  • imgCrypt function in BEM/app/bem_main.c is used to decrypt the OAD image

AES-CTR cryptographic function is used in both the encryption functions above. The cryptographic function implementation resets the AES-CTR counter to its initial value every 4 AES blocks (64-bytes), resulting in keystream repetition every 64-bytes. This vulnerability can potentially be used to decrypt a firmware image without having to recover the AES key.

CVSS base score: 8.1

CVSS Vector(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products

  • CC2540/CC2541 BLE-Stack SDK v1.5.0 and earlier

Potentially Impacted features

  • The potential vulnerability can impact the OAD image encryption functionality.

Suggested actions

The following service-pack release addresses the potential vulnerability:

Customers of affected products should apply this service-pack and consider further system-level security measures as appropriate. Customers are solely responsible for the security of their products and are encouraged to assess the possible risk of any potential security vulnerability.

Source

We would like to thank researchers from COSIC, KU Leuven and imec for reporting this potential vulnerability to the TI Product Security Incident Response Team (PSIRT) and working toward a coordinated report.

 

 

 

Important notice

TI PROVIDES THIS INFORMATION, INCLUDING THE CVSS (COMMON VULNERABILITY SCORING SYSTEM) SCORE, “AS IS” and with all faults, and disclaims all warranties, express and implied, including without limitation any implied warranties of merchantability, fitness for a particular purpose or non-infringement of third party intellectual property rights. THE CVSS SCORE WAS CALCULATED WITH THE CVSS 3.0 CALCULATOR AND IS BASED ON TI AVAILABLE INFORMATION AND TI ESTIMATES.

This resource is intended for skilled developers designing with TI products. You are solely responsible for (1) selecting the appropriate TI products for your application, (2) designing, validating and testing your application, and (3) ensuring your application meets applicable standards, and any other safety, security, or other requirements. This resource is subject to change without notice. TI grants you permission to use this resource only for development of an application that uses the TI products described in the resource. Other reproduction and display of these resources is prohibited. No license is granted to any other TI intellectual property right or to any third party intellectual property right. TI disclaims responsibility for, and you will fully indemnify TI and its representatives against, any claims, damages, costs, losses, and liabilities arising out of your use of these resources.

TI’s products are provided subject to TI’s Terms of Sale (www.ti.com/legal/termsofsale.html) or other applicable terms available either on ti.com or provided in conjunction with such TI products. TI’s provision of this resource does not expand or otherwise alter TI’s applicable warranties or warranty disclaimers for TI products.