-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure that KDF data is zeroized #4846
Comments
Would love to tackle this one :) |
For KDFs that don't already produce a zeroizing type, there are options:
|
After discussion with @jorgeantonio21, it was suggested that one approach might be to build a generic design similar to that of SafePassword. This would wrap the key type Such a generic design should ensure that different KDF output types are properly enforced by the type system, even if the underlying key types are the same. Even though the KDFs themselves (should) enforce domain separation, enforcing by type should help to keep design intent more clear. |
Maybe the type differentiation could be done in a similar fashion to the hashing API, where a macro is used to generate a struct that's used during instantiation. So we could have a macro that generates an effectively empty struct implementing some |
Here's a work-in-progress toy example that could be useful here and for other types of data that need to be hidden and zeroized and otherwise carefully managed. |
I am much in favor of using the approach outlined in the comment above. It offers a nice API to deal with any KDF that has to be carefully manipulated. @AaronFeickert maybe we can make a PR out of it and further discuss it. |
The link is to a PR now. |
Description --- We refactor the `key_manager` crate so that hides sensitive data such as mnemonics, encryption and mac keys, etc. Motivation and Context --- Tackle issue #4861 and a portion of #4846. Fixes #4861 How Has This Been Tested? --- Add unit tests for `SeedWords`. Also generated need wallet with visible seed words, to the user.
…code (#4953) Description --- Sensitive data is transmitted from wallet and db (ideally encrypted). However, the code is not completely robust against memory leaks. This PR proposes a way to minimize this risk. This implies enforcing encryption immediately whenever we process data for Sqlite interaction (or when fetching it). We further remove any update of sensitive data on SQL outputs, as this would increase the potential risk of memory leaks across the code. Motivation and Context --- Address security vulnerabilities in the wallet code. This PR is related to issue #4846. How Has This Been Tested? --- Refactor some of the existing unit tests.
Description --- The goal of this PR is to zeroize sensitive data content across the Tari repo. We pay special attention to kdf key data and other occurrences of sensitive data. For more details, we refer to issue #4846. Moreover, this PR is a companion to #4953 and #4925 Motivation and Context --- Tackle issue #4846. How Has This Been Tested? ---
The codebase includes several KDFs that handle secret data. Even though underlying input data (like secret keys or ECDH shared secrets) may be zeroized, it should be checked that subsequent KDF output data is also zeroized.
The text was updated successfully, but these errors were encountered: