#2569 Token memory not wiped after key deletion
Closed: Fixed None Opened 8 years ago by dsirrine.

For background, normal token operations include format, enroll and re-enroll.

Let me describe each case below:

1) During a format operation, it is presumed that data on the token
allocated by the applet just goes away since the applet is removed and a new
one created. I do see a delete command in the TPS logs consistent with this
presumption.

[2016-02-24 13:34:19] 682e7340 AP_Session::WriteMsg- Sent 's=119&msg_type=9&pdu_size=29&pdu_data=%84%E4%00%00%18%4C%27%69%B3%6E%31%DB%20%F6%DF%BE%1E%4F%1F%2C%77%22%76%C0%7C%EA%8E%6B%41'

This DELETE Command (Global Platform 2.1.1) should go down to the
token to delete the object, and this should result in removal of allocated data
from the token.

2) During an enroll operation post format, it might be safe to assume
that the data was initialized before allocating memory for the new keys.

This line, executed in the constructor, suggests initialized memory is used:

keys          = new Key       [MAX_NUM_KEYS];


3) During a re-enroll when certificates are removed from a token, I would
expect that all data pertaining to private keys are removed as well. I don't
see an explicit command sent to the card from TPS to clear the memory occupied
by the removed certificate containing private keys. I understand that most
often when certificates are deleted, there are new ones to take their place,
which will likely overwrite the key data. But the issue I am bringing up is the
window of exposure after private keys are removed but before new ones are
added.

Possible Fix:

Add an explicit command to zero out the key data. Here is an example of such a
command from the CoolKey Applet Interface Specification document:

CLA 0x84 or 0xB0
INS 0x52
P1 0x00
P2 Zero Flag
P3 0x04
DATA

Zero Flag
0x01 Write zeros to object memory before release
0x00 Memory zeroing not required
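
The following is an added example, not part of the original ticket or of the Dogtag code: a small audit helper that decodes the pdu_data field of TPS AP_Session::WriteMsg log lines and reports whether a delete was sent with the Zero Flag set. The second log line, the function names and the 4-byte DATA placeholder are constructed assumptions; with CLA 0x84 the data field is protected by secure messaging, so only the header is inspected.

```python
import re
from urllib.parse import unquote_to_bytes

# Log line from the ticket, rejoined onto one line.
TICKET_LINE = (
    "[2016-02-24 13:34:19] 682e7340 AP_Session::WriteMsg- Sent "
    "'s=119&msg_type=9&pdu_size=29&pdu_data=%84%E4%00%00%18%4C%27%69%B3%6E%31"
    "%DB%20%F6%DF%BE%1E%4F%1F%2C%77%22%76%C0%7C%EA%8E%6B%41'")
# Constructed line (not from a real log): the ticket's proposed command with
# CLA 0xB0, Zero Flag 0x01 and a placeholder 4-byte DATA field.
CONSTRUCTED_LINE = (
    "[constructed] AP_Session::WriteMsg- Sent "
    "'s=0&msg_type=9&pdu_size=9&pdu_data=%B0%52%00%01%04%AA%AA%AA%AA'")

INS_GP_DELETE = 0xE4       # GlobalPlatform DELETE, as seen in the ticket's log
INS_COOLKEY_DELETE = 0x52  # INS value listed in the ticket's proposed fix


def parse_pdu(line):
    """Return the APDU bytes carried in a WriteMsg log line, or None."""
    m = re.search(r"Sent '([^']*)'", line)
    if not m:
        return None
    fields = dict(f.partition("=")[::2] for f in m.group(1).split("&"))
    if "pdu_data" not in fields:
        return None
    pdu = unquote_to_bytes(fields["pdu_data"])
    if len(pdu) != int(fields.get("pdu_size", -1)):
        raise ValueError("pdu_size does not match decoded pdu_data")
    return pdu


def classify(pdu):
    """Label an APDU by its header: which delete it is and whether it zeroes."""
    if len(pdu) < 5:
        raise ValueError("APDU shorter than the 5-byte header")
    cla, ins, _p1, p2, p3 = pdu[:5]
    if len(pdu) - 5 != p3:
        raise ValueError("P3 does not match the data length")
    if ins == INS_GP_DELETE and cla in (0x80, 0x84):
        return "gp-delete"
    if ins == INS_COOLKEY_DELETE and cla in (0x84, 0xB0):
        return "coolkey-delete-zeroed" if p2 == 0x01 else "coolkey-delete-not-zeroed"
    return "other"


if __name__ == "__main__":
    for line in (TICKET_LINE, CONSTRUCTED_LINE):
        print(classify(parse_pdu(line)))
```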

Fix checked in, closing.

commit 3e8bb9d0e42594afafdd0c0ac2a0f1b7a5d05aeb
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Fri Dec 16 16:25:48 2016 -0800

Ticket #2569: Token memory not wiped after key deletion

This is the dogtag upstream side of the TPS portion of this ticket.
This fix also involves an applet fix, handled in another bug.

Metadata Update from @dsirrine:
- Issue assigned to jmagne
- Issue set to the milestone: 10.4.0


Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2689

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
