1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-17 05:52:44 +01:00

Merge pull request #10219 from bergzand/pr/crypt/helper_add_wipe

crypto/helper: Add secure wipe function
This commit is contained in:
Juan I Carrano 2018-11-30 11:32:45 +01:00 committed by GitHub
commit 77c9cc4041
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 69 additions and 0 deletions

View File

@ -33,3 +33,12 @@ int crypto_equals(const uint8_t *a, const uint8_t *b, size_t len)
return diff;
}
/* Compiler should not be allowed to optimize this */
void crypto_secure_wipe(void *buf, size_t len)
{
volatile uint8_t *vbuf = (uint8_t*)buf;
for (size_t i = 0; i < len; i++) {
vbuf[i] = 0;
}
}

View File

@ -49,6 +49,21 @@ void crypto_block_inc_ctr(uint8_t block[16], int L);
*/
int crypto_equals(const uint8_t *a, const uint8_t *b, size_t len);
/**
* @brief Secure wipe function.
*
* This wipe function zeros the supplied buffer in a way that the compiler is
* not allowed to optimize. This can be used to erase secrets from memory.
*
* Note that this function on its own could be insufficient against (data
* remanence) attacks. It is outside the scope of this function to thoroughly
* shred the memory area.
*
* @param[in] buf buffer to wipe
* @param[in] len size of the buffer in bytes
*/
void crypto_secure_wipe(void *buf, size_t len);
#ifdef __cplusplus
}
#endif

View File

@ -0,0 +1,38 @@
/*
* Copyright (C) 2018 Koen Zandberg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
#include <string.h>
#include "embUnit/embUnit.h"
#include "crypto/helper.h"
#define VALUE 0xAA
/* Secret to wipe */
static uint8_t secret[20];
void test_crypto_wipe(void)
{
memset(secret, VALUE, sizeof(secret));
/* Wipe everything except the last byte */
crypto_secure_wipe(secret, sizeof(secret) - 1);
for (size_t i = 0; i < (sizeof(secret) - 1); i++) {
TEST_ASSERT_EQUAL_INT(0, secret[i]);
}
/* Check last byte */
TEST_ASSERT_EQUAL_INT(VALUE, secret[19]);
}
Test *tests_crypto_helper_tests(void)
{
EMB_UNIT_TESTFIXTURES(fixtures) {
new_TestFixture(test_crypto_wipe),
};
EMB_UNIT_TESTCALLER(crypto_helper_tests, NULL, NULL, fixtures);
return (Test *) &crypto_helper_tests;
}

View File

@ -11,6 +11,7 @@
void tests_crypto(void)
{
TESTS_RUN(tests_crypto_helper_tests());
TESTS_RUN(tests_crypto_chacha_tests());
TESTS_RUN(tests_crypto_aes_tests());
TESTS_RUN(tests_crypto_cipher_tests());

View File

@ -33,6 +33,12 @@ extern "C" {
*/
void tests_crypto(void);
/**
* @brief Generates tests for helper functions
*
* @return embUnit tests
*/
Test *tests_crypto_helper_tests(void);
/**
* @brief Generates tests for crypto/chacha.h
*