Zeroization of sensitive data in Erlang

Dániel Szoboszlay dszoboszlay@REDACTED
Sun Oct 27 00:42:09 CEST 2019


Hi Amit,

A NIF could use a resource object to implement a zeroable memory location.
The Erlang program will only see a handle to the resource, which is
immutable. But the contents of the object can be changed by the NIF (it's
better explained in the docs <http://erlang.org/doc/man/erl_nif.html>). So
you could create an API that looks like this for the Erlang program:

Handle = create_secret(Some, Input, Values),
ok = use_secret(Handle),
ok = destroy_secret(Handle), % The NIF zeroes out the memory in the
resource object
{error, destroyed} = use_secret(Handle). % The secret is no more at this
point

The big problem is that your secret shall never leave the native library.
E.g. you cannot hide a cryptographic key behind a zeroable resource object
and then pass it to the crypto library. As soon as you convert it into an
Erlang term, it is copied onto the non-zeroed stack or heap or a process.
Considering this, you may just as well use a port program to hold and work
with the secret outside of the Erlang VM.

Probably the only real solution within the VM would be to patch the GC to
zero any reclaimed memory. Or maybe not even the GC, but the memory
allocators, in case a secret is copied to some non-GC-d memory area, such
as an ETS table.

Cheers,
Daniel

On Sat, 26 Oct 2019 at 22:39, Amit K <klg.amit@REDACTED> wrote:

> Hi all,
>
> Concerning the security practice of Zeroizing sensitive data from memory
> after you're finished with it, such as Cryptographic keys, passwords, etc,
> I wanted to ask if any of you ever had to implement such a thing in Erlang,
> and if so, how? :)
>
> Also note that often this is a requirement that you must fulfill if you
> want your product to pass a security standard evaluation such as the
> "Common Criteria" one (As an example requirement see FCS_CKM_EXT.4 here:
> https://www.commoncriteriaportal.org/files/ppfiles/pp_nd_v1.0.pdf).
>
> The problem of course is that in Erlang (and I suppose - FP in general)
> once a variable gets assigned, you are not allowed to change its value, and
> in particular of course overwrite it with zero bytes.
>
> One option I thought about is doing it with a NIF, but from my
> understanding a NIF isn't supposed to change its input values, it should
> treat them as constants, which understandable as well (basic FP language
> property).
>
> Any feedback can be helpful :)
>
> Regards,
>
> Amit
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20191027/5d96b2c2/attachment.htm>


More information about the erlang-questions mailing list