crypto: Erase key from RAM after storing into enclave

When storing a new unique secret key in the secure enclave, it is
temporarily stored in a stack buffer accessible by CPU1.
Since it is a secret key, it should not be kept in memory as it could
be leaked.

This commit calls the explicit_bzero() function from the libc to ensure
that the buffer containing the key is cleared. Unlike with bzero() and
memset(), the compiler won't optimize away calls to explicit_bzero().
Hugo Grostabussiat
2023-02-05 19:22:31 +01:00
committed by Willy-JL
parent 512bba335b
commit be8387afb5
2 changed files with 4 additions and 0 deletions

@@ -276,6 +276,7 @@ void crypto_cli_store_key(Cli* cli, FuriString* args) {
}
} while(0);
explicit_bzero(data, sizeof(data));
furi_string_free(key_type);
}
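
Review bot: the added explicit_bzero(data, sizeof(data)) call wipes the whole key only if data is an array declared in crypto_cli_store_key(); its declaration is outside this hunk, so please confirm it is not a pointer or a function parameter, where sizeof would give the pointer size and leave most of the key in RAM. Placing the call after the do { ... } while(0) block is right, since every break path then reaches it, but a one-line comment saying the buffer holds key material would stop a later cleanup from replacing the call with memset() or moving it back inside the block. Also note that explicit_bzero() is a libc extension rather than standard C, so the build depends on the firmware toolchain's libc providing it.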