Tillitis TKey Client User Supplied Secret Handling Vulnerability
Vulnerability
A vulnerability exists in the Tillitis TKey Client Go package in versions through 1.2.0. A buffer index error causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored. For such a USS, the client produces the same Compound Device Identifier (CDI) as if no USS had been provided, which compromises the uniqueness of the key material. The cause is that when the USS digest starts with a zero byte, that byte overwrites the boolean flag indicating whether a USS is being used. As a consequence, any USS whose hash begins with 0x00 is effectively discarded. The problem is fixed in version 1.3.0 of the package.
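The index error described above, as a simplified Go model added here (it is not the tkeyclient source). The frame layout, offsets, function names and sample digests are assumptions constructed for illustration; the receiving side is modelled as treating any non-zero flag as "USS present".

```go
package main

import "fmt"

// Simplified frame model; offsets and names are assumptions for this
// example, not the tkeyclient wire format.
const (
	flagOff   = 0 // 1 byte: non-zero = USS present, 0 = no USS
	digestOff = 1 // 32-byte USS digest follows the flag
	frameLen  = 33
)

// buildFrame packs the flag and the USS digest. With buggy=true the digest
// is copied starting at the flag's own index, so digest[0] replaces the flag.
func buildFrame(digest *[32]byte, buggy bool) [frameLen]byte {
	var f [frameLen]byte
	if digest == nil {
		return f // flag stays 0: no USS supplied
	}
	f[flagOff] = 1
	if buggy {
		copy(f[flagOff:], digest[:]) // off by one: clobbers the flag
	} else {
		copy(f[digestOff:], digest[:]) // digest lands after the flag
	}
	return f
}

// ussUsed models the receiver: the USS is honoured only if the flag is set.
func ussUsed(f [frameLen]byte) bool { return f[flagOff] != 0 }

// ignoredCount tries every possible first digest byte and counts how many
// secrets the receiver would treat as absent.
func ignoredCount(buggy bool) int {
	n := 0
	for b := 0; b < 256; b++ {
		d := [32]byte{byte(b), 0xAA, 0xBB} // constructed digest
		if !ussUsed(buildFrame(&d, buggy)) {
			n++
		}
	}
	return n
}

func main() {
	fmt.Println("ignored with index error:", ignoredCount(true))
	fmt.Println("ignored with corrected index:", ignoredCount(false))
}
```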
Impact
The vulnerability leads to a situation where certain User Supplied Secrets are not utilized, causing the generated Compound Device Identifier to be identical to that produced without any USS. This results in the same key material being used, undermining the intended uniqueness and security of the keys.
Reproduction
To reproduce this vulnerability, use a User Supplied Secret (USS) that hashes to a value starting with a zero byte. Insert the TKey device into the client and load an application while providing the vulnerable USS. The resulting Compound Device Identifier will be the same as if no USS was used, demonstrating the flaw.
Remediation
Users should upgrade to Tillitis TKey Client version 1.3.0, which fixes the vulnerability by correctly handling the USS digest. For those unable to upgrade immediately, it is recommended to use a USS that does not hash to a value beginning with a zero byte.
