quininer/seckey

Vec data are not protected

oblique opened this issue · 4 comments

Consider the following example:

use seckey::SecKey;

fn main() {
    let buf: Vec<u8> = vec![1, 2, 3, 4, 5, 6, 7];
    // Keep a raw view of the Vec's heap allocation, independent of `buf` itself.
    let orig_data = unsafe { std::slice::from_raw_parts(buf.as_ptr(), buf.len()) };

    // Only the Vec header (ptr, len, cap) moves into the protected allocation.
    let sec = SecKey::new(buf).unwrap();

    // The protected Vec still points at the same unprotected heap buffer.
    assert_eq!((*sec.read()).as_ptr(), orig_data.as_ptr());
    dbg!(orig_data); // the secret bytes are still readable here
}

Here SecKey will protect struct Vec only. The data that Vec holds are in the heap and SecKey doesn't protect them.

In issue #4 I talked about having &mut T, but after seeing this, maybe a proper way to protect data is to protect only bytes and strings.

For example we can have:

  • SecBytes that will handle only &mut [u8] and the input will be zeroed.
  • SecStr that will handle only &mut str and the input will be zeroed.

What do you think?
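As an added illustration of the SecBytes idea above (example code, not part of seckey or this issue), here is a minimal owning byte wrapper built on std only: it copies the secret out of the caller's slice or Vec, wipes the caller's bytes in place with volatile writes so the original heap allocation no longer holds the secret, and wipes its own buffer on drop. The type name `SecBytes` and the `from_slice`/`from_vec` constructors are assumptions for this example; a real implementation would additionally back the buffer with a locked, guarded allocation as memsec does.

```rust
// Added example, not seckey's own code: a SecBytes-style wrapper that takes
// ownership of secret bytes, zeroes the source, and zeroes itself on drop.
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `bytes` with zeros using volatile stores so the optimizer
/// cannot elide the wipe as a dead store.
fn zeroize(bytes: &mut [u8]) {
    for b in bytes.iter_mut() {
        // SAFETY: `b` is a valid, exclusively borrowed `u8`.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Owns a copy of the secret; the caller's buffer is wiped on construction.
pub struct SecBytes {
    buf: Box<[u8]>,
}

impl SecBytes {
    /// Copy the secret out of `src`, then zero `src` in place.
    pub fn from_slice(src: &mut [u8]) -> SecBytes {
        let buf = src.to_vec().into_boxed_slice();
        zeroize(src);
        SecBytes { buf }
    }

    /// Take a Vec by value: its heap data is wiped before the Vec is freed,
    /// which is exactly what wrapping the Vec header alone does not achieve.
    pub fn from_vec(mut v: Vec<u8>) -> SecBytes {
        let sec = SecBytes::from_slice(&mut v[..]);
        // `v` is dropped here; its allocation already contains only zeros.
        sec
    }

    /// Read-only view of the protected bytes.
    pub fn read(&self) -> &[u8] {
        &self.buf
    }

    pub fn len(&self) -> usize {
        self.buf.len()
    }
}

impl Drop for SecBytes {
    fn drop(&mut self) {
        zeroize(&mut self.buf);
    }
}

fn main() {
    let mut key = vec![0x11u8, 0x22, 0x33, 0x44];
    let sec = SecBytes::from_slice(&mut key);
    // The caller's buffer no longer holds the secret; only `sec` does.
    println!("source after wrap: {:?}", key);
    println!("protected copy:   {:?}", sec.read());
}
```

The important property is that `from_slice` and `from_vec` wipe the input before returning, so a check of the original allocation after construction finds only zeros; wrapping `Vec<u8>` by value without this step leaves the secret in the heap exactly as the example in the issue shows.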

I think we can implement SecKey<[u8]> and SecKey<str>, but this is a bit tricky.

We can have something like this:

pub fn from_bytes(bytes: &mut [u8]) -> Option<SecKey<[u8]>>;

But the memsec crate needs to implement something like malloc_sized to be efficient.
I'm willing to implement them.

Actually I have been thinking about refactoring this crate, but at present there is no complete idea. Anyway, PRs are welcome.

I plan that SecKey will only keep SecKey<[u8]>.

You can use zerocopy or bytemuck to convert it to other types. For String, I recommend using bstr.