Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wipe Secure Cell key copy on deallocation #612

Merged
merged 1 commit into from
Mar 27, 2020
Merged

Wipe Secure Cell key copy on deallocation #612

merged 1 commit into from
Mar 27, 2020

Conversation

ilammy
Copy link
Collaborator

@ilammy ilammy commented Mar 26, 2020

Secure Cell currently makes a copy of the master key it was given. Since Objective-C is fairly low level and exposes the key property, it makes sense to wipe the sensitive key from memory when it can no longer be used by Secure Cell.

Do so by changing the underlying property type to NSMutableData and calling the wiping code in dealloc of TSCell.

While we're here, improve API docs of the basic Secure Cell class that actually stores the key.

Note that in Objective-C the key property returns NSData which respects retain-release mechanics so the users get a reference to the same data object as used by Secure Cell. However, in Swift NSData is bridged into Data type which has value semantics and effectively copies our copy of the key. We obviously cannot and should not wipe the copies we are not aware of, so this is a best effort approach.

Checklist

  • Change is covered by automated tests
  • Benchmark results are attached (somewhat interesting, but hopefully irrelevant)
  • The coding guidelines are followed
  • Public API has proper documentation

@ilammy
Wipe Secure Cell key copy on deallocation
bb1315e 
Secure Cell currently makes a copy of the master key it was given. Since
Objective-C is fairly low level and exposes the "key" property, it makes
sense to wipe the sensitive key from memory when it can no longer be
used by Secure Cell.

Do so by changing the underlying property type to NSMutableData and
calling the wiping code in "dealloc" of TSCell.

While we're here, improve API docs of the basic Secure Cell class that
actually stores the key.

Note that in Objective-C the "key" property returns NSData which
respects retain-release mechanics so the users get a reference to
the same data object as used by Secure Cell. However, in Swift NSData
is bridged into Data type which has value semantics and effectively
copies our copy of the key. We obviously cannot and should not wipe
the copies we are not aware of, so this is a best effort approach.
@ilammy ilammy added W-SwiftThemis 🔶 Wrapper: SwiftThemis, Swift API W-ObjCThemis 🎨 Wrapper: ObjCThemis, Objective-C API labels Mar 26, 2020
vixentael
vixentael approved these changes Mar 26, 2020
View reviewed changes
Copy link
Contributor

@vixentael vixentael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doing our best here.

Question: in new passphrase interface, passphrase is stored in key property, so we don’t need to take any other steps to wipe it, right?

@ilammy
Copy link
Collaborator Author

ilammy commented Mar 26, 2020

Question: in new passphrase interface, passphrase is stored in key property, so we don’t need to take any other steps to wipe it, right?

Correct. It can be accessed as key and it will be wiped too.

@ilammy ilammy merged commit ba40a9c into cossacklabs:master Mar 27, 2020
@ilammy ilammy deleted the objc-zeroize branch March 27, 2020 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vixentael vixentael vixentael approved these changes

@Lagovas Lagovas Awaiting requested review from Lagovas

Assignees
No one assigned
Labels
W-ObjCThemis 🎨 Wrapper: ObjCThemis, Objective-C API W-SwiftThemis 🔶 Wrapper: SwiftThemis, Swift API
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ilammy @vixentael