Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: minimize potential memory leaks of sensitive data on the wallet code #4953

Merged
merged 11 commits into from
Nov 28, 2022
Merged

fix: minimize potential memory leaks of sensitive data on the wallet code #4953

merged 11 commits into from
Nov 28, 2022

Conversation

jorgeantonio21
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 commented Nov 24, 2022
edited

Description

Sensitive data is transmitted from wallet and db (ideally encrypted). However, the code is not completely robust against memory leaks. This PR proposes a way to minimize this risk. This implies enforcing encryption immediately whenever we process data for Sqlite interaction (or when fetching it). We further remove any update of sensitive data on SQL outputs, as this would increase the potential risk of memory leaks across the code.

Motivation and Context

Address security vulnerabilities in the wallet code. This PR is related to issue #4846.

How Has This Been Tested?

Refactor some of the existing unit tests.

jorgeantonio21
jorgeantonio21 commented Nov 24, 2022
View reviewed changes
base_layer/wallet/src/util/encryption.rs
@@ -77,7 +78,7 @@ pub fn decrypt_bytes_integral_nonce(
pub fn encrypt_bytes_integral_nonce(
cipher: &XChaCha20Poly1305,
domain: Vec<u8>,
plaintext: Vec<u8>,
plaintext: Hidden<Vec<u8>>,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another possibility is to pass a plain Vec<u8> as input and then zeroize plaintext at the end of the function.

@jorgeantonio21 jorgeantonio21 marked this pull request as ready for review November 25, 2022 08:34
@stringhandler stringhandler merged commit e364994 into tari-project:development Nov 28, 2022
@jorgeantonio21 jorgeantonio21 mentioned this pull request Nov 28, 2022
Merged
stringhandler pushed a commit that referenced this pull request Nov 30, 2022
@jorgeantonio21
fix: hide sensitive data on tari repo (see issue #4846) (#4967)
bcc47e1 
Description
---
The goal of this PR is to zeroize sensitive data content across the Tari repo.  We pay special attention to kdf key data and other occurrences of sensitive data. For more details, we refer to issue #4846. Moreover, this PR is a companion to #4953 and #4925

Motivation and Context
---
Tackle issue #4846.

How Has This Been Tested?
---
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stringhandler stringhandler stringhandler approved these changes

@SWvheerden SWvheerden Awaiting requested review from SWvheerden

@agubarev agubarev Awaiting requested review from agubarev

@sdbondi sdbondi Awaiting requested review from sdbondi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jorgeantonio21 @stringhandler