zeromq / libzmq

ZeroMQ core engine in C++, implements ZMTP/3.1
https://www.zeromq.org
Mozilla Public License 2.0

Secret keys should be stored in memlock'd memory only #1150

Open luke-jr opened 10 years ago

luke-jr commented 10 years ago

To avoid risk of private keys being swapped to disk, the memory storing them should be memlock'd.

zmq_z85_{decode,encode} should probably insist on using registers for sensitive key data as well.

xaqq commented 10 years ago

Hello, zmq_z85_{encode,decode} are, in my opinion, general-purpose encoding and decoding functions. I don't think they should take special care about how they manipulate data. Maybe a secure version of those functions could be provided if there is a need for it.

I think preventing critical data from being swapped to disk is not the library's role, and swap should be encrypted if writing data to it can be problematic.

Asmod4n commented 9 years ago

libsodium has cross-platform support for guarded heap allocations; since zeromq uses it, all that would be necessary would be to use sodium_malloc and sodium_free instead of the normal malloc and free. For extra security, those pages could be locked while they are not needed, aka sodium_mprotect_noaccess and sodium_mprotect_readonly.

http://doc.libsodium.org/helpers/memory_management.html
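What a memlock'd key buffer as requested in this issue can look like, as an added example that is not libzmq or libsodium code and is not part of the thread. It assumes a POSIX system with mmap and mlock; the names locked_key_alloc and locked_key_free are hypothetical, and the 32-byte size is a constructed sample.

```c
/* Added example, POSIX only; locked_key_alloc/locked_key_free are hypothetical names. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS and madvise on glibc */
#endif
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* mlock works on whole pages, so round the request up. */
static size_t page_round(size_t len) {
    size_t page = (size_t) sysconf(_SC_PAGESIZE);
    return (len + page - 1) / page * page;
}

/* Zero-filled, memlock'd buffer, or NULL with errno set if locking fails
   (for example RLIMIT_MEMLOCK exhausted). Fails closed: no swappable fallback. */
void *locked_key_alloc(size_t len) {
    size_t span = page_round(len);
    void *p = mmap(NULL, span, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, span) != 0) {
        int saved = errno;
        munmap(p, span);
        errno = saved;
        return NULL;
    }
#ifdef MADV_DONTDUMP
    madvise(p, span, MADV_DONTDUMP);   /* Linux: also exclude from core dumps */
#endif
    return p;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
void locked_key_free(void *p, size_t len) {
    size_t span = page_round(len);
    volatile unsigned char *v = p;
    for (size_t i = 0; i < span; i++) v[i] = 0;
    munlock(p, span);
    munmap(p, span);
}

int main(void) {
    unsigned char *key = locked_key_alloc(32);   /* 32 bytes: constructed size */
    if (!key) { perror("locked_key_alloc"); return 1; }
    memset(key, 0x5a, 32);                       /* stand-in for real key material */
    locked_key_free(key, 32);
    return 0;
}
```

Locking covers only this buffer: copies of the key made on the stack, in registers spilled by the compiler, or in encode/decode scratch space are outside it.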