diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2023-02-28 12:27:21 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2023-02-28 13:20:22 +0100 |
| commit | ace1e02b3a3a3729ceb437657e1a0c055ad217ce (patch) | |
| tree | 426966c7802d290eac4b82aa78b92ae50160073a | |
| parent | f6b4b029930ac93fd6b3efed0128940b4b343fe0 (diff) | |
openpgp: Stop secrets leaking into the heap during key generation.
| -rw-r--r-- | openpgp/src/crypto/backend/nettle/asymmetric.rs | 18 | ||||
| -rw-r--r-- | openpgp/src/crypto/mpi.rs | 12 |
2 files changed, 20 insertions, 10 deletions
diff --git a/openpgp/src/crypto/backend/nettle/asymmetric.rs b/openpgp/src/crypto/backend/nettle/asymmetric.rs index 9efad861..7bfe617a 100644 --- a/openpgp/src/crypto/backend/nettle/asymmetric.rs +++ b/openpgp/src/crypto/backend/nettle/asymmetric.rs @@ -406,9 +406,9 @@ impl<R> Key4<SecretParts, R> }, mpi::SecretKeyMaterial::RSA { d: mpi::MPI::new(d).into(), - p: mpi::MPI::new(&a[..]).into(), - q: mpi::MPI::new(&b[..]).into(), - u: mpi::MPI::new(&c[..]).into(), + p: a.into(), + q: b.into(), + u: c.into(), }.into()) } @@ -423,10 +423,10 @@ impl<R> Key4<SecretParts, R> n: MPI::new(&*public.n()), }; let private_mpis = mpi::SecretKeyMaterial::RSA { - d: MPI::new(&*private.d()).into(), - p: MPI::new(&*p).into(), - q: MPI::new(&*q).into(), - u: MPI::new(&*u).into(), + d: private.d().into(), + p: p.into(), + q: q.into(), + u: u.into(), }; Self::with_secret( @@ -518,7 +518,7 @@ impl<R> Key4<SecretParts, R> q: MPI::new_point(&pub_x, &pub_y, field_sz), }; let private_mpis = mpi::SecretKeyMaterial::ECDSA{ - scalar: MPI::new(&private.as_bytes()).into(), + scalar: private.as_bytes().into(), }; let sec = private_mpis.into(); @@ -557,7 +557,7 @@ impl<R> Key4<SecretParts, R> sym, }; let private_mpis = mpi::SecretKeyMaterial::ECDH{ - scalar: MPI::new(&private.as_bytes()).into(), + scalar: private.as_bytes().into(), }; let sec = private_mpis.into(); diff --git a/openpgp/src/crypto/mpi.rs b/openpgp/src/crypto/mpi.rs index e21ba98a..a1631ded 100644 --- a/openpgp/src/crypto/mpi.rs +++ b/openpgp/src/crypto/mpi.rs @@ -327,7 +327,17 @@ assert_send_and_sync!(ProtectedMPI); impl From<Vec<u8>> for ProtectedMPI { fn from(m: Vec<u8>) -> Self { - MPI::from(m).into() + let p = MPI::new(&m).into(); + drop(Protected::from(m)); // Erase source. + p + } +} + +impl From<Box<[u8]>> for ProtectedMPI { + fn from(m: Box<[u8]>) -> Self { + let p = MPI::new(&m).into(); + drop(Protected::from(m)); // Erase source. + p } } |