Open ipetr0v opened 7 months ago
cc @tiziano88 @conradgrobler
Manually zeroing out memory is actually quite hard, because the compiler will probably optimize it away. We should look for some off the shelf solution to that problem, e.g. https://crates.io/crates/zeroize seems to solve that.
Yes, we should replace all instances where we implement Drop
and use .fill(0)
to try to zero out keys manually with the zeroize crate.
As an addition, we should probably also use OPENSSL_cleanse
for our C++ (with Java) code on the client side.
Currently our abstractions have to expose the private keys in order to:
Instance
key to decrypt theGroup
key that was received via Key ProvisioningFor example we have the following functions that expose the private key
instance_encryption_key
andget_private_key
.We need to implement an abstraction for private keys that:
drop()
Though we also don't want to reimplement Tink.
We also currently have 2 abstractions for the Encryption Private Key: https://github.com/project-oak/oak/blob/28b91c93fe8cfce452b1a9d2177e8ca3adab3b77/oak_crypto/src/encryptor.rs#L35-L37 https://github.com/project-oak/oak/blob/28b91c93fe8cfce452b1a9d2177e8ca3adab3b77/oak_crypto/src/hpke/mod.rs#L47-L50
We need to merge these implementations into one
EncryptionKey
, and keep it a low level abstraction, since enclave applications don't need to use it.