oasis-core

Zeroize sensitive CHURP data

Open peternose opened this issue 1 year ago • 1 comment

Ensure that all CHURP structures containing sensitive data (e.g., key shares, derived keys, switch points, etc.) are zeroized on drop to prevent an attacker from retrieving any residual information.

peternose Jul 15 '24 19:07

It looks like the p386 crate doesn't zeroize all sensitive data.

The crate uses the crypto-bigint crate, which constructs stack-allocated big integer types (Uints) using an array of Limbs or wrapped Words. The former can be zeroized, but the latter cannot. Because of that, some intermediate values in calculations are not zeroized. For example, the function adc creates variables a and b of type WideWord, which are never zeroized.

peternose Aug 06 '24 11:08
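
The gap described in the comment above, as an added example that is not code from oasis-core or from the crates named in the thread: an add-with-carry whose wide intermediates are explicitly wiped, next to a limb container that is zeroized on drop. The 64-bit `Word`, the 128-bit `WideWord`, and the names `wipe`, `adc_wiped` and `Share` are assumptions made for illustration; only the standard library is used.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

type Word = u64; // assumed limb width
type WideWord = u128; // assumed double-width intermediate

/// Best-effort wipe: a volatile store cannot be removed as a dead write.
/// Copies the compiler kept in registers or spill slots are not covered.
fn wipe<T: Copy + Default>(v: &mut T) {
    unsafe { write_volatile(v, T::default()) };
    compiler_fence(Ordering::SeqCst);
}

/// Add with carry, returning (sum, carry_out); wide temporaries are wiped.
fn adc_wiped(lhs: Word, rhs: Word, carry: Word) -> (Word, Word) {
    let mut a = lhs as WideWord;
    let mut b = rhs as WideWord;
    let mut ret = a + b + carry as WideWord; // cannot overflow 128 bits
    let out = (ret as Word, (ret >> Word::BITS) as Word);
    wipe(&mut a);
    wipe(&mut b);
    wipe(&mut ret);
    out
}

/// Hypothetical secret share stored as little-endian limbs.
struct Share { limbs: [Word; 4] }

impl Share {
    fn zeroize(&mut self) { self.limbs.iter_mut().for_each(|l| wipe(l)); }

    /// self += other across all limbs; returns the final carry.
    fn add_in_place(&mut self, other: &Share) -> Word {
        let mut carry = 0;
        for (x, y) in self.limbs.iter_mut().zip(other.limbs.iter()) {
            let (sum, c) = adc_wiped(*x, *y, carry);
            *x = sum;
            carry = c;
        }
        carry
    }
}

impl Drop for Share { fn drop(&mut self) { self.zeroize(); } }

fn main() {
    let mut a = Share { limbs: [u64::MAX, u64::MAX, 0, 0] }; // constructed sample
    let b = Share { limbs: [1, 0, 0, 0] }; // constructed sample
    let carry = a.add_in_place(&b);
    println!("{:?} carry={}", a.limbs, carry);
} // a and b are wiped here by Drop
```

Wiping on drop covers the stored limbs only; the temporaries inside the arithmetic have to be wiped where they are created, and even then the result is best effort because the compiler decides where copies live.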