Both SPIKE Nexus and SPIKE keeper (albeit temporarily) store root keys and Shamir Shards that they don't directly need.
Although these are deleted when no longer needed, it is up to the Go garbage collector "when" to delete them.
Instead, we need to zero out unused data before gc.
According to NIST SP 800-88 Rev. 1 (Guidelines for Media Sanitization), a single overwrite pass with zeros is sufficient for modern storage devices. And since our data is in memory, one pass should be enough too. Multiple pass overwrites (like Gutmann's 35-pass method) are no longer considered necessary (due to high storage densities in modern devices).
The key is ensuring the overwrite actually occurs and isn't optimized away by the compiler, which the previous code handles correctly.
Here is one way to do it:
```go
package main

import (
	"runtime"
	"unsafe"
)

// Clear overwrites the bytes of *s with zeros so that secret material does not
// linger in memory until the garbage collector gets around to reclaiming it.
func Clear[T any](s *T) {
	p := unsafe.Pointer(s)
	size := unsafe.Sizeof(*s)
	// View the value's memory as a byte slice (the value must be under 1 GiB).
	b := (*[1 << 30]byte)(p)[:size:size]
	for i := range b {
		b[i] = 0
	}
	// KeepAlive belongs after the loop: it keeps s reachable until every store
	// above has executed, so the collector cannot reclaim it before the wipe.
	runtime.KeepAlive(s)
}

// Usage
type SensitiveData struct {
	Key    [32]byte
	Token  string // only the string header is inside the struct; its bytes are not wiped
	UserId int64
}

func main() {
	data := &SensitiveData{} // field values elided in the original
	defer Clear(data)
	// Use data
}
```
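As an added example (not code from the SPIKE issue or project), the Go below shows why a byte-wise Clear on a struct is only part of the job: it wipes inline arrays and the headers of slices and strings, but the shard bytes a slice points to must be zeroed separately, and a string's backing bytes cannot be wiped in place at all. The Secret type, its field names and the sample values are constructed assumptions for this example.

```go
package main

import (
	"bytes"
	"runtime"
	"unsafe"
)

// Secret is constructed for this example: a root key plus a Shamir shard.
type Secret struct {
	RootKey [32]byte // inline, so zeroing the struct clears it
	Shard   []byte   // header inline, bytes live in a separate array
	Label   string   // immutable; its bytes cannot be wiped in place
}
// zeroBytes overwrites a slice in place; KeepAlive pins it so the collector
// cannot reclaim the memory before the last store has landed.
func zeroBytes(b []byte) {
	for i := range b {
		b[i] = 0
	}
	runtime.KeepAlive(b)
}
// zeroValue wipes a value's inline bytes only, not memory its headers point to.
func zeroValue[T any](v *T) {
	zeroBytes(unsafe.Slice((*byte)(unsafe.Pointer(v)), unsafe.Sizeof(*v)))
}
// Wipe clears the shard's backing array first, then the struct itself.
func (s *Secret) Wipe() {
	zeroBytes(s.Shard)
	zeroValue(s)
}
func allZero(b []byte) bool { return len(bytes.Trim(b, "\x00")) == 0 }

// WipeDemo fills a constructed Secret, wipes it either with zeroValue alone
// (what a generic Clear does) or with Wipe, and reports what was cleared.
func WipeDemo(structOnly bool) (keyZero, shardBackingZero bool) {
	shard := []byte("constructed-shard-0123456789abcdef")
	backing := shard[:len(shard):len(shard)] // aliases the same array
	s := &Secret{Shard: shard, Label: "shard-1"}
	for i := range s.RootKey {
		s.RootKey[i] = byte(i + 1)
	}
	if structOnly {
		zeroValue(s)
	} else {
		s.Wipe()
	}
	return allZero(s.RootKey[:]), allZero(backing)
}
```

`WipeDemo(true)` reports the key cleared but the shard bytes intact; `WipeDemo(false)` reports both cleared.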
It would be interesting to try and chat with some of the folks under the CNCF that are involved with confidential computing... Maybe there is an existing, nice interface we could reuse that keeps the keys in protected memory, and/or has nice wiping features.