using secure memory where applicable using sodium_malloc or sodium_mlock, where not

libpcp/key.c

@@ -29,7 +29,7 @@
  * result anyway because I need a curve25519 secret.
  */
 byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
-  byte *key = ucmalloc(crypto_secretbox_KEYBYTES);
+  byte *key = smalloc(crypto_secretbox_KEYBYTES);
   size_t plen = strnlen(passphrase, 255);
 
   /*  create the scrypt hash */
@@ -44,7 +44,7 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
   key[31] |= 64;
 
   /* done */
-  ucfree(scrypted, 64);
+  sfree(scrypted);
   return key;
 }
 
@@ -168,9 +168,8 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
 
   es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both), key->nonce, encryptkey);
 
-  memset(encryptkey, 0, 32);
   buffer_free(both);
-  free(encryptkey);
+  sfree(encryptkey);
 
   if(es == 176) { /* FIXME: calc! */
     /*  success */
@@ -201,7 +200,7 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
   
   es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey);
 
-  ucfree(encryptkey, 32);
+  sfree(encryptkey);
 
   if(es == 0) {
     /*  success */

libpcp/keyhash.c

@@ -27,6 +27,7 @@ void pcphash_del(PCPCTX *ptx, void *key, int type) {
   if(type == PCP_KEY_TYPE_SECRET) {
     HASH_DEL(ptx->pcpkey_hash, (pcp_key_t *)key);
     memset(key, 0, sizeof(pcp_key_t));
+    sodium_munlock(key, sizeof(pcp_key_t));
   }
   else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
     pcp_keysig_t *keysig = (pcp_keysig_t *)key;
@@ -37,6 +38,7 @@ void pcphash_del(PCPCTX *ptx, void *key, int type) {
   else {
     HASH_DEL(ptx->pcppubkey_hash, (pcp_pubkey_t *)key);
     memset(key, 0, sizeof(pcp_pubkey_t));
+    sodium_munlock(key, sizeof(pcp_pubkey_t));
   }
   free(key);
 }
@@ -94,6 +96,7 @@ pcp_pubkey_t *pcphash_pubkeyexists(PCPCTX *ptx, char *id) {
 void pcphash_add(PCPCTX *ptx, void *key, int type) {
   if(type == PCP_KEY_TYPE_PUBLIC) {
     pcp_pubkey_t *k = (pcp_pubkey_t *)key;
+    sodium_mlock(key, sizeof(pcp_pubkey_t));
     HASH_ADD_STR( ptx->pcppubkey_hash, id, k );
   }
   else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
@@ -101,7 +104,8 @@ void pcphash_add(PCPCTX *ptx, void *key, int type) {
     HASH_ADD_STR( ptx->pcpkeysig_hash, id, keysig);
   }
   else {
-    pcp_key_t *k = (pcp_key_t *)key;    
+    pcp_key_t *k = (pcp_key_t *)key;
+    sodium_mlock(key, sizeof(pcp_key_t)); 
     HASH_ADD_STR( ptx->pcpkey_hash, id, k);
   }
 }

libpcp/mem.c

@@ -36,13 +36,28 @@ void *ucmalloc(size_t s) {
     exit(-1);
   }
 
-  memset (value, 0, size);
+  sodium_memzero(value, size);
 
   /* printf("allocated %ld bytes at %p\n", size, value); */
 
   return value;
 }
 
+void *smalloc(size_t s) {
+  if (s == 0)
+    return NULL;
+
+  size_t size = s * sizeof(byte);
+  void *value = sodium_malloc (size);
+
+  if (value == NULL) {
+    err(errno, "Cannot allocate %d bytes of memory", (int)s);
+    exit(-1);
+  }
+
+  return value;
+}
+
 void *urmalloc(size_t s) {
   void *value = ucmalloc (s);
 
@@ -51,6 +66,14 @@ void *urmalloc(size_t s) {
   return value;
 }
 
+void *srmalloc(size_t s) {
+  void *value = sodium_malloc (s);
+
+  arc4random_buf(value, s);
+
+  return value;
+}
+
 
 void *ucrealloc(void *d, size_t oldlen, size_t newlen) {
   newlen = newlen * sizeof(byte);
@@ -75,3 +98,7 @@ void ucfree(void *d, size_t len) {
     free(d);
   }
 }
+
+void sfree(void *d) {
+  sodium_free(d);
+}

libpcp/mgmt.c

@@ -761,7 +761,7 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
 
   buffer_free(raw);
   ucfree(nonce, crypto_secretbox_NONCEBYTES);
-  ucfree(symkey, 64);
+  sfree(symkey);
   ucfree(cipher, es);
 
   return out;
@@ -877,7 +877,7 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
   ucfree(clear, cipherlen - PCP_CRYPTO_ADD);
   ucfree(nonce, crypto_secretbox_NONCEBYTES);
   buffer_free(blob);
-  ucfree(symkey, 64);
+  sfree(symkey);
   free(id);
 
   return sk;
@@ -890,6 +890,6 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
   ucfree(sk, sizeof(pcp_key_t));
   buffer_free(blob);
   if(symkey != NULL)
-    ucfree(symkey, 64);
+    sfree(symkey);
   return NULL;
 }

libpcp/scrypt.c

@@ -22,7 +22,7 @@
 #include "scrypt.h"
 
 byte* pcp_scrypt(PCPCTX *ptx, char *passwd, size_t passwdlen, byte *nonce, size_t noncelen) {
-  uint8_t *dk = ucmalloc(64); /*  resulting hash */
+  uint8_t *dk = smalloc(64); /*  resulting hash */
 
   /*  constants */
   uint64_t N = 1 << 14;

libpcp/vault.c

@@ -442,7 +442,8 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) {
   vault_item_header_t *item = ucmalloc(sizeof(vault_item_header_t));
   got = fread(header, 1, sizeof(vault_header_t), vault->fd);
   if(got < sizeof(vault_header_t)) {
-    fatal(ptx, "empty or invalid vault header size (got %ld, expected %ld)\n", got,  sizeof(vault_header_t)); 
+    fatal(ptx, "empty or invalid vault header size (got %ld, expected %ld)\n",
+	  got,  sizeof(vault_header_t)); 
     goto err;
   }
   vh2native(header);
@@ -494,12 +495,14 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) {
 	      buffer_free(rawks);
 	    }
 	    else {
-	      fatal(ptx, "Failed to read vault - invalid key type: %02X! at %d\n", item->type, readpos);
+	      fatal(ptx, "Failed to read vault - invalid key type: %02X! at %d\n",
+		    item->type, readpos);
 	      goto err;
 	    }
 	  }
 	  else {
-	    fatal(ptx, "Failed to read vault - that's no pcp key at %d (size %ld)!\n", readpos, bytesleft);
+	    fatal(ptx, "Failed to read vault - that's no pcp key at %d (size %ld)!\n",
+		  readpos, bytesleft);
 	    goto err;
 	  }
 	}