Add secure_erase function to clear secrets

Harshil-Jani · Harshil-Jani · commit 27674f488b63 · 2023-02-23T01:54:00.000+05:30
Signed-off-by: Harshil Jani &lt;harshiljani2002@gmail.com&gt;
diff --git a/examples/ecdh.c b/examples/ecdh.c
@@ -16,14 +16,21 @@
 
 #include "random.h"
 
+void secure_erase(void *buf, size_t size) {
+   volatile char *vbuf = (volatile char *)buf;
+   size_t i;
+    for (i = 0; i < size; ++i) {
+        vbuf[i] = 0;
+    }
+}
 
 int main(void) {
-    volatile unsigned char seckey1[32];
-    volatile unsigned char seckey2[32];
+    unsigned char seckey1[32];
+    unsigned char seckey2[32];
     unsigned char compressed_pubkey1[33];
     unsigned char compressed_pubkey2[33];
-    volatile unsigned char shared_secret1[32];
-    volatile unsigned char shared_secret2[32];
+    unsigned char shared_secret1[32];
+    unsigned char shared_secret2[32];
     unsigned char randomize[32];
     int return_val;
     size_t len;
@@ -114,10 +121,10 @@ int main(void) {
      *
      * Here we are preventing these writes from being optimized out, as any good compiler
      * will remove any writes that aren't used. */
-    memset(seckey1, 0, sizeof(seckey1));
-    memset(seckey2, 0, sizeof(seckey2));
-    memset(shared_secret1, 0, sizeof(shared_secret1));
-    memset(shared_secret2, 0, sizeof(shared_secret2));
+    secure_erase(seckey1,sizeof(seckey1));
+    secure_erase(seckey2,sizeof(seckey2));
+    secure_erase(shared_secret1,sizeof(shared_secret1));
+    secure_erase(shared_secret2,sizeof(shared_secret2));
 
     return 0;
 }
diff --git a/examples/ecdsa.c b/examples/ecdsa.c
@@ -15,7 +15,13 @@
 
 #include "random.h"
 
-
+void secure_erase(void *buf, size_t size) {
+    volatile char *vbuf = (volatile char *)buf;
+    size_t i;
+    for (i = 0; i < size; ++i) {
+        vbuf[i] = 0;
+    }
+}
 
 int main(void) {
     /* Instead of signing the message directly, we must sign a 32-byte hash.
@@ -29,7 +35,7 @@ int main(void) {
         0x61, 0x2B, 0x1F, 0xCE, 0x77, 0xC8, 0x69, 0x34,
         0x5B, 0xFC, 0x94, 0xC7, 0x58, 0x94, 0xED, 0xD3,
     };
-    volatile unsigned char seckey[32];
+    unsigned char seckey[32];
     unsigned char randomize[32];
     unsigned char compressed_pubkey[33];
     unsigned char serialized_signature[64];
@@ -127,7 +133,7 @@ int main(void) {
      *
      * Here we are preventing these writes from being optimized out, as any good compiler
      * will remove any writes that aren't used. */
-    memset(seckey, 0, sizeof(seckey));
+    secure_erase(seckey,sizeof(seckey));
 
     return 0;
 }
diff --git a/examples/schnorr.c b/examples/schnorr.c
@@ -17,11 +17,19 @@
 
 #include "random.h"
 
+void secure_erase(void *buf, size_t size) {
+    volatile char *vbuf = (volatile char *)buf;
+    size_t i;
+    for (i = 0; i < size; ++i) {
+        vbuf[i] = 0;
+    }
+}
+
 int main(void) {
     unsigned char msg[12] = "Hello World!";
     unsigned char msg_hash[32];
     unsigned char tag[17] = "my_fancy_protocol";
-    volatile unsigned char seckey[32];
+    unsigned char seckey[32];
     unsigned char randomize[32];
     unsigned char auxiliary_rand[32];
     unsigned char serialized_pubkey[32];
@@ -142,7 +150,6 @@ int main(void) {
      *
      * Here we are preventing these writes from being optimized out, as any good compiler
      * will remove any writes that aren't used. */
-    memset(seckey, 0, sizeof(seckey));
-
+    secure_erase(seckey,sizeof(seckey));
     return 0;
 }
