author | Justus Winter <justus@sequoia-pgp.org> | 2023-09-22 12:17:16 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-09-22 15:32:46 +0200 |
commit | f05cddce877f2b36993a180cdf044172e6e3801b (patch) | |
tree | 9e746bf130920801d3edc0d730569414f5f8a415 | |
parent | 03deb1e127ece52bab798dd128addca5948e0d91 (diff) |
openpgp: Zero the stack after signing using ed25519-dalek.
-rw-r--r-- | openpgp/src/crypto/backend/cng/asymmetric.rs | 4 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/rust/asymmetric.rs | 4 | ||||
-rw-r--r-- | openpgp/src/crypto/mem.rs | 11 |
3 files changed, 15 insertions, 4 deletions
diff --git a/openpgp/src/crypto/backend/cng/asymmetric.rs b/openpgp/src/crypto/backend/cng/asymmetric.rs
index debddac5..a681b2a5 100644
--- a/openpgp/src/crypto/backend/cng/asymmetric.rs
+++ b/openpgp/src/crypto/backend/cng/asymmetric.rs
@@ -8,7 +8,7 @@ use crate::{Error, Result};
 use crate::crypto::asymmetric::KeyPair;
 use crate::crypto::backend::interface::Asymmetric;
-use crate::crypto::mem::Protected;
+use crate::crypto::mem::{Protected, zero_stack};
 use crate::crypto::mpi::{self, MPI, ProtectedMPI};
 use crate::crypto::SessionKey;
 use crate::crypto::{pad, pad_at_least, pad_truncating};
@@ -131,7 +131,7 @@ impl Asymmetric for super::Backend {
         -> Result<[u8; 64]> {
         use ed25519_dalek::{SigningKey, Signer};
         let pair: SigningKey = secret.try_into()?;
-        Ok(pair.sign(digest).to_bytes().try_into()?)
+        Ok(zero_stack::<256, _>(pair.sign(digest)).to_bytes().try_into()?)
     }
 
     fn ed25519_verify(public: &[u8; 32], digest: &[u8], signature: &[u8; 64])
diff --git a/openpgp/src/crypto/backend/rust/asymmetric.rs b/openpgp/src/crypto/backend/rust/asymmetric.rs
index 6ed97575..d0d199f5 100644
--- a/openpgp/src/crypto/backend/rust/asymmetric.rs
+++ b/openpgp/src/crypto/backend/rust/asymmetric.rs
@@ -14,7 +14,7 @@ use rsa::{Pkcs1v15Encrypt, RsaPublicKey, RsaPrivateKey, Pkcs1v15Sign};
 use crate::{Error, Result};
 use crate::crypto::asymmetric::KeyPair;
 use crate::crypto::backend::interface::Asymmetric;
-use crate::crypto::mem::Protected;
+use crate::crypto::mem::{Protected, zero_stack};
 use crate::crypto::mpi::{self, MPI, ProtectedMPI};
 use crate::crypto::SessionKey;
 use crate::crypto::pad_truncating;
@@ -119,7 +119,7 @@ impl Asymmetric for super::Backend {
         -> Result<[u8; 64]> {
         use ed25519_dalek::{SigningKey, Signer};
         let pair: SigningKey = secret.try_into()?;
-        Ok(pair.sign(digest).to_bytes().try_into()?)
+        Ok(zero_stack::<256, _>(pair.sign(digest)).to_bytes().try_into()?)
     }
 
     fn ed25519_verify(public: &[u8; 32], digest: &[u8], signature: &[u8; 64])
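Review bot: The stack depth in `zero_stack::<256, _>(pair.sign(digest))` is an unexplained magic number, repeated identically in the cng and rust backend hunks; nothing on the page records how 256 was chosen or whether it is believed to cover the frames ed25519-dalek's sign() uses. A comment above the line would preserve the intent and its limits, e.g. `// Best-effort: wipe the stack region sign() just used; 256 is an estimate of its frame depth, not a measured bound.`, and hoisting the value into one named constant beside zero_stack in mem.rs would keep the two backends from drifting apart. Note that this only scrubs the callee's former stack: `pair` itself stays in the enclosing frame until it is dropped, so whether that copy of the key is wiped depends on SigningKey's drop behaviour, which is not visible here. The enclosing signing function starts above the hunk (its signature line is not shown).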
diff --git a/openpgp/src/crypto/mem.rs b/openpgp/src/crypto/mem.rs
index c795c7e1..8540776b 100644
--- a/openpgp/src/crypto/mem.rs
+++ b/openpgp/src/crypto/mem.rs
@@ -152,6 +152,17 @@ impl From<Vec<u8>> for Protected {
     }
 }
 
+/// Zeros N bytes on the stack, returning the given value.
+#[allow(dead_code)]
+pub(crate) fn zero_stack<const N: usize, T>(v: T) -> T {
+    let mut a = [0xffu8; N];
+    unsafe {
+        memsec::memzero(a.as_mut_ptr(), a.len());
+    }
+    std::hint::black_box(a);
+    v
+}
+
 impl From<Box<[u8]>> for Protected {
     fn from(v: Box<[u8]>) -> Self {
         Protected(Box::leak(v))
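Review bot: zero_stack carries no `#[inline(never)]`, so if the compiler inlines it into the caller, `a` is laid out inside the caller's own frame rather than in the region below it that the just-returned callee occupied, which is presumably the region this function is meant to overwrite; adding `#[inline(never)]` above `pub(crate) fn zero_stack` would give the array a fresh frame of its own. The `unsafe` block also lacks the customary justification; `// SAFETY: a is a live, writable local array and a.len() is its exact size.` would do. The doc comment should state that this is best-effort only: `std::hint::black_box` is a hint rather than a guarantee, the placement of `a` relative to earlier frames is compiler- and platform-dependent, and N is chosen by the caller, so callers must not read a call to zero_stack as proof that no key material remains on the stack.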