Skip to content

Security

brycx edited this page Apr 22, 2019 · 19 revisions

This section has security-relevant information regarding orion.

Release and codegen options

It is assumed that when using orion, it is done so using release mode. debug mode is not supported, since it can impact things such as constant-time execution.

orion must never be used with opt-level = 0, as this will, in most cases, result in variable time execution.

Memory:

orion has a best-effort approach to wiping sensitive memory. There are known obstacles for ensuring effective memory wiping using Rust (from zeroize):

However, be aware that Rust's current memory semantics (e.g. move) can leave copies of data in memory, and there isn't presently a good solution for ensuring all copies of data on the stack are properly cleared.

Furthermore, orion partly uses destructors to wipe memory. According to the Rustonomicon, there are no guarantees that destructors are actually called, as safe Rust considers failing to call destructors safe, "However any program that actually manages to do such a thing is probably incorrect." (from Rustonomicon).

Due to such limitations, orion offers no guarantees that all sensitive memory is wiped.

orion also makes no attempts to avoid sensitive memory being written to the system swap space.

Side-channel attacks:

orion only aims to protect against timing-based side-channel vulnerabilities.

No unsafe code:

orion itself forbids the use of so-called β€œunsafe” code, meaning that all memory-safety guarantees provided by Rust are enforced at compile-time. However, even though orion itself does not allow unsafe code, it is used in some of its dependencies.

These are metrics that give an overview of which dependencies use unsafe code and how much:

Metric output format: x/y
    x = unsafe code used by the build
    y = total unsafe code found in the crate

Symbols: 
    πŸ”’ = No `unsafe` usage found, declares #![forbid(unsafe_code)]
    ❓ = No `unsafe` usage found, missing #![forbid(unsafe_code)]
    ☒️  = `unsafe` usage found

Functions  Expressions  Impls  Traits  Methods  Dependency

0/0        0/0          0/0    0/0     0/0      πŸ”’  orion 0.13.1
0/0        12/40        0/0    0/0     0/0      ☒️  β”œβ”€β”€ rand_os 0.1.2
0/0        0/0          0/0    0/0     0/0      ❓  β”‚   β”œβ”€β”€ libc 0.2.48
0/0        47/47        0/0    0/0     0/0      ☒️  β”‚   └── rand_core 0.4.0
0/0        1/1          0/0    0/0     0/0      ☒️  β”œβ”€β”€ subtle 2.0.0
0/0        13/13        0/0    0/0     0/0      ☒️  β”œβ”€β”€ tiny-keccak 1.4.2
0/0        0/0          0/0    0/0     0/0      ❓  β”‚   └── crunchy 0.1.6
0/0        5/5          0/0    0/0     0/0      ☒️  └── zeroize 0.5.2

These metrics were made using cargo-geiger.

Third-party security audit:

orion has not yet received any formal security audit.

Clone this wiki locally