2 releases
Uses old Rust 2015
0.1.1 | Jul 30, 2016 |
---|---|
0.1.0 | Jul 30, 2016 |
#2480 in Cryptography
10KB
174 lines
SecBox -- Sensitive data container.
I found myself reimplementing this piece in different projects, so I decided to make it a library.
secbox
provides a primitive which tries to harden protection of the inner
data, preventing certain attack vectors. It can be used as building block to
primitives like SecStr
.
The docs detail the methods used.
This is useful for storing sensitive data like passwords and private keys.
Cargo.toml
secbox = "0.1.0"
Example
// We box the vector, despite only being a container. Techinically, this is
// unnecessary, but it improves the security slightly.
let mut pass = SecBox::new(Vec::new());
for i in ::std::io::stdin().chars() {
match i {
// Stop on enter.
'\n' => break,
// We SecBox it and the push it. SecBoxing it here will protect the
// data through a variety of measures.
i => pass.push(SecBox::new(i)),
}
}
lib.rs
:
SecBox.
This crate provides a security primitive, SecBox
, which tries to limit the damage
of common vulnerabilities.
Vulerabilities
-
Stack or local out-of-bound indexing: You can usually use buffer overflow to read the stack, but if you need to deref the element to get the data, you often cannot know how much to offset by (that is, you don't know at what address the array starts). Scanning linearly is unproductive (especially since the data doesn't line up) and quickly results in segfault.
-
Partial memory dumps: Partial memory dumps (e.g. page dumps or CPU cache dumps) are avoided by discontinuity, which means that partial memory segments would rarely contain interesting data.
-
Swap RAM data leaks: To avoid the memory being written to persistent memory (and thus easier to access), we memlock the internal data, making sure that the data never leaves the temporary memory.
-
Read of uninitialized data: Uninitialized reads is a rare bug in Rust, but it is common in C and C++ and thus Rust bindings to libraries written in those. For this reason, we make sure that the data overwritten it with zeros, and thus made unaccessible after free.
-
Crash dump data leaks: Due to zeroing data, crash dumps are often limited in exposure of sensitive data.
NB!
SecBox
doesn't mean that the inner data is completely protected. You still need to make sure
it is handled properly and not leaked by other means.
Dependencies
~43KB