diff --git a/src/crypto/mbedtls.c b/src/crypto/mbedtls.c
index 67efcb5d..82f480c2 100644
--- a/src/crypto/mbedtls.c
+++ b/src/crypto/mbedtls.c
@@ -9,6 +9,7 @@
 #include
 #include
+#include
 #ifdef MBEDTLS_PSA_CRYPTO_C
 #include
@@ -99,6 +100,11 @@ void osdp_fill_random(uint8_t *buf, int len)
 #endif
 }
+void osdp_fill_zeros(void *buf, int len)
+{
+ mbedtls_platform_zeroize(buf, (size_t)len);
+}
+
 void osdp_crypt_teardown()
 {
 #ifndef MBEDTLS_PSA_CRYPTO_C
diff --git a/src/crypto/openssl.c b/src/crypto/openssl.c
index 416853d6..06cdd714 100644
--- a/src/crypto/openssl.c
+++ b/src/crypto/openssl.c
@@ -107,6 +107,11 @@ void osdp_fill_random(uint8_t *buf, int len)
 }
 }
+void osdp_fill_zeros(void *buf, int len)
+{
+ OPENSSL_cleanse(buf, (size_t)len);
+}
+
 void osdp_crypt_teardown()
 {
 }
diff --git a/src/crypto/tinyaes.c b/src/crypto/tinyaes.c
index 5f9873ef..acd3dcb8 100644
--- a/src/crypto/tinyaes.c
+++ b/src/crypto/tinyaes.c
@@ -56,6 +56,15 @@ void osdp_fill_random(uint8_t *buf, int len)
 }
 }
+void osdp_fill_zeros(void *buf, int len)
+{
+ volatile uint8_t *p = (volatile uint8_t *)buf;
+
+ while (len--) {
+ *p++ = 0;
+ }
+}
+
 void osdp_crypt_teardown()
 {
 }
\ No newline at end of file
diff --git a/src/osdp_common.h b/src/osdp_common.h
index d08b2570..33225b8e 100644
--- a/src/osdp_common.h
+++ b/src/osdp_common.h
@@ -546,6 +546,7 @@ void osdp_crypt_setup();
 void osdp_encrypt(uint8_t *key, uint8_t *iv, uint8_t *data, int len);
 void osdp_decrypt(uint8_t *key, uint8_t *iv, uint8_t *data, int len);
 void osdp_fill_random(uint8_t *buf, int len);
+void osdp_fill_zeros(void *buf, int len);
 void osdp_crypt_teardown();
 /* --- from osdp_sc.c --- */
diff --git a/src/osdp_cp.c b/src/osdp_cp.c
index 2d4637b3..ba2081ec 100644
--- a/src/osdp_cp.c
+++ b/src/osdp_cp.c
@@ -1657,6 +1657,7 @@ void osdp_cp_teardown(osdp_t *ctx)
 if (is_capture_enabled(pd)) {
 osdp_packet_capture_finish(pd);
 }
+ osdp_fill_zeros(&pd->sc, sizeof(struct osdp_secure_channel));
 #ifndef OPT_OSDP_STATIC
 safe_free(pd->file);
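Review bot: `osdp_fill_zeros()` in src/crypto/mbedtls.c casts a signed `int len` straight to `size_t`, so a negative length becomes a very large byte count handed to `mbedtls_platform_zeroize()`. The openssl.c version has the same cast, and the tinyaes.c loop `while (len--)` does not stop at the end of the buffer when `len` starts negative. A guard at the top of each backend, `if (buf == NULL || len <= 0) { return; }`, keeps the wipe harmless on bad input. The callers in this commit pass `sizeof(...)` values, so a `size_t` parameter would fit them better if the prototype in osdp_common.h can still change.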
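Review bot: The tinyaes.c `osdp_fill_zeros()` depends on its `volatile` stores to survive optimisation, but nothing in the function says so. A later cleanup could swap the loop for `memset()`, which a compiler may remove when the buffer is not read again. I would add a comment above the loop such as `/* volatile stores: the wipe must not be elided as a dead store; do not replace with memset() */`.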
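Review bot: The wipe added to `osdp_cp_teardown()` spells its size as `sizeof(struct osdp_secure_channel)` instead of taking it from the object, so length and target can drift apart if the type of `pd->sc` ever changes. `osdp_fill_zeros(&pd->sc, sizeof(pd->sc));` ties the two together. The same line is added to `osdp_pd_teardown()` in src/osdp_pd.c. The function body continues outside the hunk, so it is not visible whether other per-PD buffers that may hold key material are cleared elsewhere.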
diff --git a/src/osdp_pd.c b/src/osdp_pd.c
index 803e2929..80c9c8e4 100644
--- a/src/osdp_pd.c
+++ b/src/osdp_pd.c
@@ -1263,6 +1263,7 @@ static void osdp_pd_update(struct osdp_pd *pd)
 }
 if (pd->cmd_id == CMD_KEYSET && pd->reply_id == REPLY_ACK) {
 memcpy(pd->sc.scbk, pd->keyset_pending, 16);
+ osdp_fill_zeros(pd->keyset_pending, 16);
 CLEAR_FLAG(pd, PD_FLAG_SC_USE_SCBKD);
 CLEAR_FLAG(pd, PD_FLAG_INSTALL_MODE);
 pd_sc_deactivate(pd);
@@ -1479,6 +1480,8 @@ void osdp_pd_teardown(osdp_t *ctx)
 osdp_packet_capture_finish(pd);
 }
+ osdp_fill_zeros(&pd->sc, sizeof(struct osdp_secure_channel));
+
 if (pd_ctx->channel.close) {
 pd_ctx->channel.close(pd_ctx->channel.data);
 }
diff --git a/src/osdp_sc.c b/src/osdp_sc.c
index 9fe68d45..9e166e2a 100644
--- a/src/osdp_sc.c
+++ b/src/osdp_sc.c
@@ -56,6 +56,7 @@ void osdp_compute_session_keys(struct osdp_pd *pd)
 osdp_encrypt(scbk, NULL, pd->sc.s_enc, 16);
 osdp_encrypt(scbk, NULL, pd->sc.s_mac1, 16);
 osdp_encrypt(scbk, NULL, pd->sc.s_mac2, 16);
+ osdp_fill_zeros(scbk, sizeof(scbk));
 }
 void osdp_compute_cp_cryptogram(struct osdp_pd *pd)
@@ -93,10 +94,9 @@ int osdp_verify_cp_cryptogram(struct osdp_pd *pd)
 memcpy(cp_crypto + 8, pd->sc.cp_random, 8);
 osdp_encrypt(pd->sc.s_enc, NULL, cp_crypto, 16);
- if (osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, 16) != 0) {
- return -1;
- }
- return 0;
+ int ret = osdp_ct_compare(pd->sc.cp_cryptogram, cp_crypto, 16) == 0 ? 0 : -1;
+ osdp_fill_zeros(cp_crypto, sizeof(cp_crypto));
+ return ret;
 }
 void osdp_compute_pd_cryptogram(struct osdp_pd *pd)
@@ -116,10 +116,9 @@ int osdp_verify_pd_cryptogram(struct osdp_pd *pd)
 memcpy(pd_crypto + 8, pd->sc.pd_random, 8);
 osdp_encrypt(pd->sc.s_enc, NULL, pd_crypto, 16);
- if (osdp_ct_compare(pd->sc.pd_cryptogram, pd_crypto, 16) != 0) {
- return -1;
- }
- return 0;
+ int ret = osdp_ct_compare(pd->sc.pd_cryptogram, pd_crypto, 16) == 0 ? 0 : -1;
+ osdp_fill_zeros(pd_crypto, sizeof(pd_crypto));
+ return ret;
 }
 void osdp_compute_rmac_i(struct osdp_pd *pd)
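Review bot: `pd->keyset_pending` is wiped only on the `CMD_KEYSET` / `REPLY_ACK` path in `osdp_pd_update()`, so a key that was staged but never acknowledged appears to stay in memory. It is a member of `pd` rather than `pd->sc`, so the `pd->sc` wipe added to `osdp_pd_teardown()` later in this file does not cover it either. Consider also clearing it on the non-ACK path and at teardown with `osdp_fill_zeros(pd->keyset_pending, sizeof(pd->keyset_pending));`, which drops the literal 16 (assuming the member is an array; its declaration is not in the diff). `osdp_pd_update()` starts and ends outside the hunk, so other paths may already handle this.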
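Review bot: `osdp_fill_zeros(scbk, sizeof(scbk));` at the end of `osdp_compute_session_keys()` clears the whole key only if `scbk` is a local array. Its declaration is outside the hunk; if it is a pointer, `sizeof` yields the pointer size and part of the key copy survives. The three `osdp_encrypt()` calls above it use the literal 16, so it is worth confirming the declaration matches that length. Any `return` placed before this line would also skip the wipe, and the start of the function is not visible here.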