Cryptographic API Misuse Vulnerability: AES ECB used for initialization (ESPTOOL-756)

[gxx777]

Operating System

ALL

Esptool Version

4.6.2

Python Version

python3.x

Full Esptool Command Line that Was Run

None

Esptool Output

Description:
I have identified a security vulnerability in the esptool project's use of AES ECB (Electronic Codebook) mode for initialization. This vulnerability can potentially expose sensitive information and compromise the security of the application.

Locations:
https://github.com/espressif/esptool/blob/master/espsecure/__init__.py#L128
https://github.com/espressif/esptool/blob/master/espsecure/__init__.py#L1195

Version:
esptool <= 4.6.2

What is the Expected Behaviour?

Expected Behavior: Instead of using AES ECB, it is recommended to use more secure encryption modes, such as AES CBC (Cipher Block Chaining) or AES GCM (Galois/Counter Mode), for configuration in order to enhance the security of esptool.

Recommendations: It is strongly recommended to update the project's code at line 128 and line 1195 in the init.py file to use more secure encryption modes, such as AES CBC or AES GCM, for configuration. This will help mitigate the potential security risks associated with using AES ECB.Otherwise,the cryprography.io(https://cryptography.io/) crypto library is a good programming practices.

More Information

No response

Other Steps to Reproduce

No response

[mahavirj]

@gxx777

Some of our earliest chips like ESP32 revision < ECO3 had support for secure boot and flash encryption schemes based on AES ECB modes. Please find the docs pointer 1, 2.

Recently we have migrated to more standard algorithms like RSA-3072, ECDSA for secure boot (v2) and AES-XTS for flash encryption.

In summary, the code you pointed is specific to some of our older chip revisions and their security features. We plan to continue supporting them in our tools.

Hope this helps!