Commit c6bd8456 authored by johan's avatar johan

Add a function for secure buffer cleaning

Must be used to wipe sensitive data from memory.
Should use memset_s or SecureZeroMemory when available.
parent 971953a9
......@@ -1104,6 +1104,18 @@ BCTBX_PUBLIC void bctbx_aes256CfbDecrypt(const uint8_t *key,
size_t inputLength,
uint8_t *output);
/*****************************************************************************/
/***** Cleaning *****/
/*****************************************************************************/
/**
* @brief force a buffer values to zero in a way that shall prevent the compiler from optimizing it out
*
* @param[in/out] buffer the buffer to be cleared
* @param[in] size buffer size
*/
BCTBX_PUBLIC void bctbx_clean(void *buffer, size_t size);
#ifdef __cplusplus
}
#endif
......
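Review bot: The Doxygen tag `@param[in/out] buffer` on the new declaration is not valid Doxygen syntax (the direction must be written `[in,out]`), so it will be rendered literally or dropped; change it to `@param[in,out] buffer the buffer to be cleared`. It would also help callers to state the contract the implementation actually gives: the function cannot fail, a size of 0 is a no-op, and a NULL buffer with a non-zero size is undefined, exactly as with memset. The same comment block is duplicated in crypto.c; keeping the contract in the header only avoids the two drifting apart.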
......@@ -27,6 +27,7 @@ set(BCTOOLBOX_C_SOURCE_FILES
vfs.c
vconnect.c
parser.c
crypto/crypto.c
)
......
/*
crypto.c : functions common to all the crypto backends
Copyright (C) 2017 Belledonne Communications SARL
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <bctoolbox/crypto.h>
/*****************************************************************************/
/***** Cleaning *****/
/*****************************************************************************/
/**
* @brief force a buffer value to zero in a way that shall prevent the compiler from optimizing it out
*
* @param[in/out] buffer the buffer to be cleared
* @param[in] size buffer size
*/
void bctbx_clean(void *buffer, size_t size) {
//TODO: use memset_s or SecureZeroMemory when available
volatile uint8_t *p = buffer;
while(size--) *p++ = 0;
}
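Review bot: The volatile byte loop is a sound portable fallback, but the TODO directly above it is the security-relevant part and can be closed in this same function: `SecureZeroMemory` on Windows and `memset_s` where `__STDC_LIB_EXT1__` is defined (which requires `#define __STDC_WANT_LIB_EXT1__ 1` before `<string.h>`) are guaranteed not to be elided, and `explicit_bzero` is available on glibc 2.25+ and the BSDs if the build can detect it. The volatile-pointer idiom is honoured by all mainstream compilers, but it relies on the store going through a volatile lvalue rather than on the object being volatile, so it should remain only as the fallback branch. Note also that, like memset, the loop dereferences a NULL buffer when size is non-zero; if that is the intended contract it should be stated in the header comment. The headers the platform branches need (`<windows.h>`, `<string.h>`) are omitted from the excerpt.
```c
void bctbx_clean(void *buffer, size_t size) {
#if defined(_WIN32)
	SecureZeroMemory(buffer, size);
#elif defined(__STDC_LIB_EXT1__)
	memset_s(buffer, size, 0, size);
#else
	/* portable fallback: volatile stores must be performed and cannot be optimised out */
	volatile uint8_t *p = buffer;
	while (size--) *p++ = 0;
#endif
}
```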
......@@ -228,14 +228,14 @@ void bctbx_DestroyECDHContext(bctbx_ECDHContext_t *context) {
if (context!= NULL) {
/* key and secret must be erased from memory and not just freed */
if (context->secret != NULL) {
memset(context->secret, 0, context->secretLength);
bctbx_clean(context->secret, context->secretLength);
free(context->secret);
context->secret=NULL;
}
free(context->selfPublic);
context->selfPublic=NULL;
if (context->sharedSecret != NULL) {
memset(context->sharedSecret, 0, context->pointCoordinateLength);
bctbx_clean(context->sharedSecret, context->pointCoordinateLength);
free(context->sharedSecret);
context->sharedSecret=NULL;
}
......@@ -322,7 +322,7 @@ void bctbx_DestroyEDDSAContext(bctbx_EDDSAContext_t *context) {
if (context!= NULL) {
/* secretKey must be erased from memory and not just freed */
if (context->secretKey != NULL) {
memset(context->secretKey, 0, context->secretLength);
bctbx_clean(context->secretKey, context->secretLength);
free(context->secretKey);
}
free(context->publicKey);
......
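Review bot: After `bctbx_clean(context->secretKey, context->secretLength);` and `free(context->secretKey);` the pointer is left dangling, whereas the ECDH destructor in this same commit sets `context->secret=NULL;` after its free. If the rest of bctbx_DestroyEDDSAContext, which begins above this hunk and continues below it, frees the context itself this is harmless; otherwise a second call on the same context would double-free. For consistency with the ECDH path add `context->secretKey=NULL;` after the free.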
......@@ -767,12 +767,12 @@ void bctbx_DestroyDHMContext(bctbx_DHMContext_t *context) {
if (context!= NULL) {
/* key and secret must be erased from memory and not just freed */
if (context->secret != NULL) {
memset(context->secret, 0, context->secretLength);
bctbx_clean(context->secret, context->secretLength);
free(context->secret);
}
free(context->self);
if (context->key != NULL) {
memset(context->key, 0, context->primeLength);
bctbx_clean(context->key, context->primeLength);
free(context->key);
}
free(context->peer);
......
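Review bot: Neither `context->secret` nor `context->key` is reset after `free()` here, unlike `context->secret=NULL` in the ECDH destructor touched by this commit, so the wiped-and-freed buffers remain reachable through the struct until it is released. bctbx_DestroyDHMContext starts above this hunk and continues below it, so if it frees the context at the end this is only a consistency point; if not, a repeated destroy would double-free. Adding `context->secret=NULL;` and `context->key=NULL;` after the respective frees makes the three destructors behave the same way.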