haskal
/
spot-the-bug
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
spot-the-bug/stream-ciphers/monocypher-3.1.1/doc/html/crypto_wipe.html

87 lines
3.8 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<style>
table.head, table.foot { width: 100%; }
td.head-rtitle, td.foot-os { text-align: right; }
td.head-vol { text-align: center; }
div.Pp { margin: 1ex 0ex; }
</style>
<link rel="stylesheet" href="style.css" type="text/css" media="all"/>
<title>CRYPTO_WIPE(3MONOCYPHER)</title>
</head>
<body>
<table class="head">
<tr>
<td class="head-ltitle">CRYPTO_WIPE(3MONOCYPHER)</td>
<td class="head-vol">3MONOCYPHER</td>
<td class="head-rtitle">CRYPTO_WIPE(3MONOCYPHER)</td>
</tr>
</table>
<div class="manual-text">
<h1 class="Sh" title="Sh" id="NAME"><a class="selflink" href="#NAME">NAME</a></h1>
<b class="Nm" title="Nm">crypto_wipe</b> &#x2014;
<span class="Nd" title="Nd">wipe data from memory</span>
<h1 class="Sh" title="Sh" id="SYNOPSIS"><a class="selflink" href="#SYNOPSIS">SYNOPSIS</a></h1>
<b class="In" title="In">#include
&lt;<a class="In" title="In">monocypher.h</a>&gt;</b>
<div class="Pp"></div>
<var class="Ft" title="Ft">void</var>
<br/>
<b class="Fn" title="Fn">crypto_wipe</b>(<var class="Fa" title="Fa">void
*secret</var>, <var class="Fa" title="Fa">size_t secret_size</var>);
<h1 class="Sh" title="Sh" id="DESCRIPTION"><a class="selflink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<b class="Fn" title="Fn">crypto_wipe</b>() securely erases sensitive data in
memory.
<div class="Pp"></div>
Sensitive data (such as cryptographic keys or secret plaintexts) should be
erased from memory as early as possible, to minimise the window in which it
can be leaked. Standard functions like memset and bzero are not safe to use,
as the compiler may decide they have no effect and optimise them out.
<div class="Pp"></div>
The arguments are:
<dl class="Bl-tag">
<dt class="It-tag">&#x00A0;</dt>
<dd class="It-tag">&#x00A0;</dd>
<dt class="It-tag"><var class="Fa" title="Fa">secret</var></dt>
<dd class="It-tag">The buffer to erase.</dd>
<dt class="It-tag">&#x00A0;</dt>
<dd class="It-tag">&#x00A0;</dd>
<dt class="It-tag"><var class="Fa" title="Fa">secret_size</var></dt>
<dd class="It-tag">The number of bytes to erase from the buffer. Normally this
is the size of the entire buffer.</dd>
</dl>
<div class="Pp"></div>
Monocypher will wipe its context structs when finalizing an operation such as
signing or decrypting. When using direct interfaces like
<a class="Xr" title="Xr" href="crypto_lock.html">crypto_lock(3monocypher)</a>,
these context structs are invisible to you. They are exposed in incremental
interfaces like
<a class="Xr" title="Xr" href="crypto_blake2b_init.html">crypto_blake2b_init(3monocypher)</a>.
The original key buffer does not get automatically wiped. When using
incremental interfaces, you may want to wipe the original key buffers
immediately after calling the respective init function.
<div class="Pp"></div>
Using <b class="Fn" title="Fn">crypto_wipe</b>() alone may not suffice for
security. It is recommended to lock down relevant memory regions as well.
Refer to <a class="Xr" title="Xr" href="intro.html">intro(3monocypher)</a> for
instructions on how to lock down memory on common operating systems.
<h1 class="Sh" title="Sh" id="RETURN_VALUES"><a class="selflink" href="#RETURN_VALUES">RETURN
VALUES</a></h1>
This function returns nothing.
<h1 class="Sh" title="Sh" id="SEE_ALSO"><a class="selflink" href="#SEE_ALSO">SEE
ALSO</a></h1>
<a class="Xr" title="Xr" href="intro.html">intro(3monocypher)</a>
<h1 class="Sh" title="Sh" id="HISTORY"><a class="selflink" href="#HISTORY">HISTORY</a></h1>
The <b class="Fn" title="Fn">crypto_wipe</b>() function first appeared in
Monocypher 1.1.0.</div>
<table class="foot">
<tr>
<td class="foot-date">December 12, 2019</td>
<td class="foot-os">Linux 4.15.0-106-generic</td>
</tr>
</table>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink