ArrayOutput need `zeroed` after pull?
sonder-joker opened this issue · 2 comments
sonder-joker commented
I noticed the Rust implementation zeroes the symmetric key after destroy. However, when it exports:
```rust
pub fn symmetric_key_export(
    &self,
    symmetric_key_handle: Handle,
) -> Result<Handle, CryptoError> {
    let symmetric_key = self.handles.symmetric_key.get(symmetric_key_handle)?;
    let array_output_handle =
        ArrayOutput::register(&self.handles, symmetric_key.inner().as_raw()?.to_vec())?;
    Ok(array_output_handle)
}
```
it will stay in memory after pull(). Is this safe?
If it is not safe, should we zero the memory in ArrayOutput, or something more specific (like an ArrayOutput for keys)?
@jedisct1
jedisct1 commented
Good catch.
Zeroing keys is technically not required, but a good practice against cold boot attacks.
Maybe we can unconditionally zero the buffer after pull() succeeds. ArrayOutput values are always small, so it shouldn't be a big performance hit.
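The approach suggested above, as an added example that is not the project's own code: a minimal stand-in for ArrayOutput whose pull() wipes its internal copy with volatile stores once the bytes have been handed to the caller, leaves the copy untouched when pull() fails (so the caller can retry with a larger buffer), and also wipes on drop in case nobody ever pulls. The CryptoError variants, the Mutex-based interior mutability, the new()/len()/is_wiped() helpers and the Overflow-on-short-buffer rule are assumptions made for this example and do not mirror the real API.

```rust
use std::sync::atomic::{compiler_fence, Ordering};
use std::sync::Mutex;

/// Error type assumed for this example; the real project's CryptoError has more variants.
#[derive(Debug, PartialEq, Eq)]
pub enum CryptoError {
    /// The caller's buffer is smaller than the stored output.
    Overflow,
    /// The output was already pulled (and its bytes wiped).
    Closed,
}

/// Overwrite `buf` with zeros using volatile stores so the optimizer cannot
/// treat the writes as dead (the buffer is never read again) and drop them.
pub fn zero_bytes(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { std::ptr::write_volatile(b, 0) };
    }
    // Keep the stores ordered before whatever follows (e.g. freeing the Vec).
    compiler_fence(Ordering::SeqCst);
}

/// Minimal stand-in for an output buffer handle (assumed shape). A Mutex gives
/// interior mutability so `pull` can take `&self`, as a handle-table API would.
pub struct ArrayOutput {
    inner: Mutex<State>,
}

struct State {
    data: Vec<u8>,
    consumed: bool,
}

impl ArrayOutput {
    pub fn new(data: Vec<u8>) -> Self {
        ArrayOutput { inner: Mutex::new(State { data, consumed: false }) }
    }

    /// Number of bytes the caller must provide.
    pub fn len(&self) -> usize {
        self.inner.lock().unwrap().data.len()
    }

    /// Copy the bytes into `out`. On success the internal copy is wiped and the
    /// handle is closed; on error nothing changes, so a retry with a bigger buffer works.
    pub fn pull(&self, out: &mut [u8]) -> Result<usize, CryptoError> {
        let mut st = self.inner.lock().unwrap();
        if st.consumed {
            return Err(CryptoError::Closed);
        }
        let n = st.data.len();
        if out.len() < n {
            return Err(CryptoError::Overflow);
        }
        out[..n].copy_from_slice(&st.data);
        // Unconditional wipe after a successful pull: the secret now lives only in `out`.
        zero_bytes(&mut st.data);
        st.consumed = true;
        Ok(n)
    }

    /// Inspection helper for the example: true once the copy has been pulled and wiped.
    pub fn is_wiped(&self) -> bool {
        let st = self.inner.lock().unwrap();
        st.consumed && st.data.iter().all(|&b| b == 0)
    }
}

impl Drop for ArrayOutput {
    /// Also wipe if the handle is dropped without ever being pulled.
    fn drop(&mut self) {
        if let Ok(st) = self.inner.get_mut() {
            zero_bytes(&mut st.data);
        }
    }
}

fn main() {
    // Constructed sample key bytes, not a real key.
    let key = ArrayOutput::new(vec![0x42; 32]);
    let mut out = [0u8; 32];
    let n = key.pull(&mut out).expect("pull");
    println!("pulled {} bytes, internal copy wiped: {}", n, key.is_wiped());
}
```

The caller is now responsible for wiping `out` when it is done with it; the handle only guarantees that its own copy does not outlive the pull. With the `zeroize` crate available, `Zeroize`/`ZeroizeOnDrop` on the inner Vec would replace `zero_bytes` and the manual Drop impl.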
jedisct1 commented
Thank you!