Tasks #64136
Tasks #63293 (closed): Implement fscrypt in libcephfs and cephfs-fuse
Cleanup secret key on lock
% Done: 0%
Description
Ensure secret key is cleaned up and zeroed out when tree is locked
Updated by Patrick Donnelly about 2 years ago
- Assignee set to Christopher Hoffman
Updated by Christopher Hoffman over 1 year ago
- Status changed from New to In Progress
Updated by Christopher Hoffman over 1 year ago
- Status changed from In Progress to Resolved
As the key is represented as a bufferlist, zero() is utilized. AFAICT, it overwrites BL and doesn't dereference and leave key in memory.
commit 410b8e5b8f23680f05f399dfc9e1c7b51891b156 (HEAD -> wip-fscrypt)
Author: Christopher Hoffman <choffman@redhat.com>
Date: Thu Aug 1 14:12:15 2024 +0000
client/FSCrypt: securely erase crypto key
Fixes: https://tracker.ceph.com/issues/64136
Signed-off-by: Christopher Hoffman <choffman@redhat.com>
diff --git a/src/client/FSCrypt.cc b/src/client/FSCrypt.cc
index 5e196a78a1f..ef047c594f0 100644
--- a/src/client/FSCrypt.cc
+++ b/src/client/FSCrypt.cc
@@ -361,6 +361,9 @@ void FSCryptContext::generate_new_nonce()
void FSCryptKeyHandler::reset(int64_t _epoch, FSCryptKeyRef k)
{
std::unique_lock wl{lock};
+
+ // clear any previous crypto key with overwrite of 0s
+ key->get_key().zero();
epoch = _epoch;
key = k;
}
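Review bot: In FSCryptKeyHandler::reset(), the added `key->get_key().zero();` dereferences `key` with no check that it is set, so a reset() on a handler that has not yet been given a key would dereference an empty reference. Wrapping the call in `if (key)` avoids that. The same line also zeroes the buffer when `k` is the very object already held in `key`, which would wipe the key that `key = k;` then installs, so a `key != k` guard is worth adding. Since the old FSCryptKeyRef may still be held elsewhere, the comment should say whether other holders are expected to see a zeroed key after reset().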