2 releases

Uses old Rust 2015

0.1.1 Jul 30, 2016
0.1.0 Jul 30, 2016

#2480 in Cryptography

MIT license

10KB
174 lines

SecBox -- Sensitive data container.

I found myself reimplementing this piece in different projects, so I decided to make it a library.

secbox provides a primitive which tries to harden protection of the inner data, preventing certain attack vectors. It can be used as building block to primitives like SecStr.

The docs detail the methods used.

This is useful for storing sensitive data like passwords and private keys.

Cargo.toml

secbox = "0.1.0"

Example

// We box the vector, despite only being a container. Techinically, this is
// unnecessary, but it improves the security slightly.
let mut pass = SecBox::new(Vec::new());

for i in ::std::io::stdin().chars() {
    match i {
        // Stop on enter.
        '\n' => break,
        // We SecBox it and the push it. SecBoxing it here will protect the
        // data through a variety of measures.
        i => pass.push(SecBox::new(i)),
    }
}

lib.rs:

SecBox.

This crate provides a security primitive, SecBox, which tries to limit the damage of common vulnerabilities.

Vulerabilities

  • Stack or local out-of-bound indexing: You can usually use buffer overflow to read the stack, but if you need to deref the element to get the data, you often cannot know how much to offset by (that is, you don't know at what address the array starts). Scanning linearly is unproductive (especially since the data doesn't line up) and quickly results in segfault.

  • Partial memory dumps: Partial memory dumps (e.g. page dumps or CPU cache dumps) are avoided by discontinuity, which means that partial memory segments would rarely contain interesting data.

  • Swap RAM data leaks: To avoid the memory being written to persistent memory (and thus easier to access), we memlock the internal data, making sure that the data never leaves the temporary memory.

  • Read of uninitialized data: Uninitialized reads is a rare bug in Rust, but it is common in C and C++ and thus Rust bindings to libraries written in those. For this reason, we make sure that the data overwritten it with zeros, and thus made unaccessible after free.

  • Crash dump data leaks: Due to zeroing data, crash dumps are often limited in exposure of sensitive data.

NB!

SecBox doesn't mean that the inner data is completely protected. You still need to make sure it is handled properly and not leaked by other means.

Dependencies

~43KB