search

WebAssembly / wasi-crypto

WASI Cryptography API Proposal
162 stars 25 forks source link

ArrayOutput need `zeroed` after pull? #51

Closed sonder-joker closed 2 years ago

sonder-joker commented 2 years ago

I notice rust implementation would zero symmetric key after destory. However, when it export

pub fn symmetric_key_export(
    &self,
    symmetric_key_handle: Handle,
) -> Result<Handle, CryptoError> {
    let symmetric_key = self.handles.symmetric_key.get(symmetric_key_handle)?;
    let array_output_handle =
        ArrayOutput::register(&self.handles, symmetric_key.inner().as_raw()?.to_vec())?;
    Ok(array_output_handle)
}

It will stay in memory after pull(). It this safe? If not safe, should we zeroed memory in Arrayoutput or more detail (like Arrayoutput for key)? @jedisct1

jedisct1 commented 2 years ago

Good catch.

Zeroing keys is technically not required, but a good practice against cold boot attacks.

Maybe we can unconditionally zero the buffer after pull() succeeds. ArrayOutput values are always small, so it shouldn't be a big performance hit.

jedisct1 commented 2 years ago

Thank you!