[Cryptech-Commits] [sw/libhal] 02/03: If a KEK is given to keywrap/unwrap, zero it out of the keywrap core after use.

[git at cryptech.is]

This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch auto_zeroise
in repository sw/libhal.

commit ddee60a8e5603a47c26b95b2f944427e6013ac03
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Wed Feb 13 16:05:42 2019 -0500

    If a KEK is given to keywrap/unwrap, zero it out of the keywrap core after use.
    
    The key-export mechanism unwraps the key with the KEK from Master Key
    Memory, then re-wraps it with a random KEK. If that random KEK stays in
    the keywrap core, it will cause problems for all subsequent wrap/unwrap
    operations.
---
 aes_keywrap.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/aes_keywrap.c b/aes_keywrap.c
index 63e0cf7..1ee857b 100644
--- a/aes_keywrap.c
+++ b/aes_keywrap.c
@@ -383,6 +383,8 @@ hal_error_t hal_aes_keywrap(hal_core_t *core,
   }
 
 out:
+  if (K != NULL)
+    hal_aes_keywrap_zero(core);
   if (free_core)
     hal_core_free(core);
   return err;
@@ -483,6 +485,8 @@ hal_error_t hal_aes_keyunwrap(hal_core_t *core,
   memmove(Q, Q + 8, m);
 
 out:
+  if (K != NULL)
+    hal_aes_keywrap_zero(core);
   if (free_core)
     hal_core_free(core);
   return err;