Zeroize private keys on drop
bigspider committed Dec 6, 2024
1 parent cb2ad33 commit e3e4265
Showing 2 changed files with 6 additions and 7 deletions.
1 change: 1 addition & 0 deletions vm/Cargo.toml
Expand Up @@ -14,6 +14,7 @@ hex = { version = "0.4.3", default-features = false, features = ["serde", "alloc
numtoa = "0.2.4"
postcard = { version = "1.0.8", features = ["alloc"] }
ledger_secure_sdk_sys = "1.5.3"
zeroize = "1.8.1"

[profile.release]
opt-level = 3
12 changes: 5 additions & 7 deletions vm/src/handlers/lib/ecall.rs
Expand Up @@ -19,6 +19,8 @@ use crate::{AppSW, Instruction};

use super::outsourced_mem::OutsourcedMemory;

use zeroize::Zeroizing;

// BIP32 supports up to 255, but we don't want that many, and it would be very slow anyway
const MAX_BIP32_PATH: usize = 16;

Expand Down Expand Up @@ -702,7 +704,7 @@ impl<'a> CommEcallHandler<'a> {
};

// derive the key
let mut private_key_local: [u8; 32] = [0; 32];
let mut private_key_local = Zeroizing::new([0u8; 32]);
let mut chain_code_local: [u8; 32] = [0; 32];
unsafe {
ledger_secure_sdk_sys::os_perso_derive_node_bip32(
Expand All @@ -716,12 +718,10 @@ impl<'a> CommEcallHandler<'a> {

// copy private_key and chain_code to V-App memory
cpu.get_segment(private_key.0)?
.write_buffer(private_key.0, &private_key_local)?;
.write_buffer(private_key.0, &private_key_local[..])?;
cpu.get_segment(chain_code.0)?
.write_buffer(chain_code.0, &chain_code_local)?;

// TODO: we should to make sure the private key is zeroed before returning

Ok(())
}

Expand All @@ -735,7 +735,7 @@ impl<'a> CommEcallHandler<'a> {
}

// derive the key
let mut private_key_local: [u8; 32] = [0; 32];
let mut private_key_local = Zeroizing::new([0u8; 32]);
let mut chain_code_local: [u8; 32] = [0; 32];

let mut pubkey: ledger_secure_sdk_sys::cx_ecfp_public_key_t = Default::default();
Expand Down Expand Up @@ -768,8 +768,6 @@ impl<'a> CommEcallHandler<'a> {
if ret1 != CX_OK || ret2 != CX_OK {
return Err("Failed to generate key pair");
}

// TODO: make sure that the private key is deleted
}

let mut sha_hasher = ledger_device_sdk::hash::sha2::Sha2_256::new();
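Review bot: `chain_code_local` is still a plain `[u8; 32]` at both derivation sites (the line directly after each new `Zeroizing::new` call), so the chain code is not cleared on return or on the early `?` / `return Err(...)` exits, while the private key now is. The chain code is the other half of the extended private key, so I would give it the same wrapper: `let mut chain_code_local = Zeroizing::new([0u8; 32]);`, with `&chain_code_local[..]` at the `write_buffer` call. In the second function the removed TODO asked for the private key to be deleted, but the lines between the `pubkey` declaration and the `ret1`/`ret2` check are not shown. If they load the derived bytes into an SDK private-key structure, that copy is not covered by `Zeroizing` and would need its own wipe before every exit from the block. Both function bodies begin and end outside the visible hunks, so this should be confirmed against the full file.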
