fix: zero sensitive crypto key material after use#81
Merged
Conversation
Zero ephemeral private keys, ECDH shared secrets, KEKs, CEKs, and intermediate HKDF derivation keys immediately after use to reduce the window where sensitive material remains in process memory. Changes: - ecdh.go: defer clear() for ephPriv, sharedSecret, kek in ECDHESWrapKey and sharedSecret, kek in ECDHESUnwrapKey - jwe.go: defer clear(cek) in EncryptData, DecryptData, DecryptDataWithScheme - hkdf.go: clear(currentKey) before reassignment and on error in DeriveKeyBytes - protocol.go: defer clear(protocolLevelKey) in InjectEncryptionDirectives, clear(childPrivateKey) after recursive call in injectEncryptionRecursive - protocol.go: add Close() method to EncryptionKeyManager for graceful shutdown zeroization of RootPrivateKey and all contextKeys Build, vet, and tests (with -race) all pass.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #78.
Zero ephemeral private keys, ECDH shared secrets, KEKs, CEKs, and intermediate HKDF derivation keys immediately after use to reduce the window where sensitive material remains in process memory.
Changes
ecdh.go:defer clear()for ephemeral private key, shared secret, and KEK inECDHESWrapKey; shared secret and KEK inECDHESUnwrapKeyjwe.go:defer clear(cek)inEncryptData,DecryptData,DecryptDataWithSchemehkdf.go:clear(currentKey)before reassignment and on error path inDeriveKeyBytesprotocol.go:defer clear(protocolLevelKey)inInjectEncryptionDirectives,clear(childPrivateKey)after recursive call ininjectEncryptionRecursiveprotocol.go: NewClose()method onEncryptionKeyManagerfor graceful shutdown — zerosRootPrivateKeyand allcontextKeysDesign notes
Dfields) cannot be zeroed; this is a known language limitation.EncryptionKeyManager.RootPrivateKeyis needed for the process lifetime, so it gets aClose()method for graceful shutdown rather than immediate zeroization.clear()(available since Go 1.21) for byte slices.Verification
go build ./...— zero errorsgo vet ./...— zero warningsgo test ./... -count=1 -race— all tests pass, no data races