11 changes: 9 additions & 2 deletions NATS.NKeys/NaCl/Internal/Ed25519Ref10/sign.cs
Expand Up @@ -75,9 +75,10 @@ public static void crypto_sign(
byte[] m, int moffset, int mlen,
byte[] sk, int skoffset)
{
byte[] az, r, hram;
byte[] az = null, r = null, hram = null;
GroupElementP3 R;
var hasher = new Sha512();
using var hasher = new Sha512();
try
{
hasher.Update(sk, skoffset, 32);
az = hasher.Finalize();
Expand Down Expand Up @@ -105,6 +106,12 @@ public static void crypto_sign(
Array.Copy(s, 0, sig, sigoffset + 32, 32);
CryptoBytes.Wipe(s);
}
finally
{
if (az != null) CryptoBytes.Wipe(az);
if (r != null) CryptoBytes.Wipe(r);
if (hram != null) CryptoBytes.Wipe(hram);
}
}
}
}
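Review bot: `using var hasher = new Sha512();` only improves key hygiene if `Sha512.Dispose()` zeroes the hasher's internal state and block buffer, and that implementation is not shown in this section. The hasher absorbs the 32-byte seed from `sk` in the first visible call, so bytes left in its buffer would undo part of what the new `finally` achieves for `az` and `r`. Worth confirming, and a short comment above the `finally` such as `// az and r are secret; wipe them on every exit path` would record why the arrays are now null-initialised. The body of crypto_sign between the two hunks is outside the visible lines.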
27 changes: 24 additions & 3 deletions NATS.NKeys/NaCl/TweetNaCl.cs
Expand Up @@ -185,7 +185,14 @@ public static Byte[] CryptoBoxKeypair(Byte[] secretKey)
public static Byte[] CryptoBoxBeforenm(Byte[] publicKey, Byte[] secretKey)
{
Byte[] s = CryptoScalarmult(secretKey, publicKey);
return CryptoCoreHSalsa20(_0, s, Sigma);
try
{
return CryptoCoreHSalsa20(_0, s, Sigma);
}
finally
{
Array.Clear(s, 0, s.Length);
}
}

/// <summary>
Expand Down Expand Up @@ -231,7 +238,14 @@ public static Byte[] CryptoBoxOpenAfternm(Byte[] cipheredMessage, Byte[] nonce,
public static Byte[] CryptoBox(Byte[] message, Byte[] nonce, Byte[] publicKey, Byte[] secretKey)
{
Byte[] k = CryptoBoxBeforenm(publicKey, secretKey);
return CryptoBoxAfternm(message, nonce, k);
try
{
return CryptoBoxAfternm(message, nonce, k);
}
finally
{
Array.Clear(k, 0, k.Length);
}
}

/// <summary>
Expand All @@ -249,7 +263,14 @@ public static Byte[] CryptoBox(Byte[] message, Byte[] nonce, Byte[] publicKey, B
public static Byte[] CryptoBoxOpen(Byte[] cipheredMessage, Byte[] nonce, Byte[] publicKey, Byte[] secretKey)
{
Byte[] k = CryptoBoxBeforenm(publicKey, secretKey);
return CryptoBoxOpenAfternm(cipheredMessage, nonce, k);
try
{
return CryptoBoxOpenAfternm(cipheredMessage, nonce, k);
}
finally
{
Array.Clear(k, 0, k.Length);
}
}

/// <summary>
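Review bot: `CryptoBoxBeforenm` is public and still returns the derived shared key to its caller, but only the two in-file callers (`CryptoBox`, `CryptoBoxOpen`) clear it, so an external caller gets no hint that it now owns a secret. Its XML doc could gain `/// <remarks>The returned key is secret; clear it once it is no longer needed.</remarks>`. Separately, these three hunks and the ScalarMult change in X25519.cs zero with `Array.Clear` while sign.cs uses `CryptoBytes.Wipe`; routing all of them through one helper would keep the zeroing behaviour in a single place, assuming `CryptoBytes` is reachable from these files.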
102 changes: 54 additions & 48 deletions NATS.NKeys/X25519/X25519.cs
Expand Up @@ -20,61 +20,67 @@ internal static class Curve25519
private static byte[] ScalarMult(byte[] input, byte[] baseIn)
{
var e = new byte[32];
try
{
Array.Copy(input,e,32); //copy(e[:], input[:])
e[0] &= 248;
e[31] &= 127;
e[31] |= 64;

FieldElement x1, x2, z2, x3, z3, tmp0, tmp1;
z2 = new FieldElement();
// feFromBytes(&x1, base)
x1 = new FieldElement(baseIn); //SECOND NUMBER
//feOne(&x2)
x2 = new FieldElement();
x2.One();
//feCopy(&x3, &x1)
x3 = new FieldElement();
FieldElement.Copy(ref x3,x1);
//feOne(&z3)
z3 = new FieldElement();
z3.One();

Array.Copy(input,e,32); //copy(e[:], input[:])
e[0] &= 248;
e[31] &= 127;
e[31] |= 64;
int swap = 0;
for (int pos = 254; pos >= 0; pos--) {
byte b = Convert.ToByte(e[pos / 8] >> (pos & 7));
b &= 1;
swap ^= (int)(b);
FieldElement.CSwap(ref x2, ref x3, swap);
FieldElement.CSwap(ref z2, ref z3, swap);
swap = (int) (b);

FieldElement x1, x2, z2, x3, z3, tmp0, tmp1;
z2 = new FieldElement();
// feFromBytes(&x1, base)
x1 = new FieldElement(baseIn); //SECOND NUMBER
//feOne(&x2)
x2 = new FieldElement();
x2.One();
//feCopy(&x3, &x1)
x3 = new FieldElement();
FieldElement.Copy(ref x3,x1);
//feOne(&z3)
z3 = new FieldElement();
z3.One();
tmp0 = x3 - z3; //feSub(&tmp0, &x3, &z3)
tmp1 = x2 - z2; //feSub(&tmp1, &x2, &z2)
x2 += z2; //feAdd(&x2, &x2, &z2)
z2 = x3 + z3; //feAdd(&z2, &x3, &z3)
z3 = tmp0.Multiply(x2);
z2 = z2.Multiply(tmp1);
tmp0 = tmp1.Square();
tmp1 = x2.Square();
x3 = z3 + z2; //feAdd(&x3, &z3, &z2)
z2 = z3 - z2; //feSub(&z2, &z3, &z2)
x2 = tmp1.Multiply(tmp0);
tmp1 -= tmp0;//feSub(&tmp1, &tmp1, &tmp0)
z2 = z2.Square();
z3 = tmp1.Mul121666();
x3 = x3.Square();
tmp0 += z3; //feAdd(&tmp0, &tmp0, &z3)
z3 = x1.Multiply(z2);
z2 = tmp1.Multiply(tmp0);
}

int swap = 0;
for (int pos = 254; pos >= 0; pos--) {
byte b = Convert.ToByte(e[pos / 8] >> (pos & 7));
b &= 1;
swap ^= (int)(b);
FieldElement.CSwap(ref x2, ref x3, swap);
FieldElement.CSwap(ref z2, ref z3, swap);
swap = (int) (b);

tmp0 = x3 - z3; //feSub(&tmp0, &x3, &z3)
tmp1 = x2 - z2; //feSub(&tmp1, &x2, &z2)
x2 += z2; //feAdd(&x2, &x2, &z2)
z2 = x3 + z3; //feAdd(&z2, &x3, &z3)
z3 = tmp0.Multiply(x2);
z2 = z2.Multiply(tmp1);
tmp0 = tmp1.Square();
tmp1 = x2.Square();
x3 = z3 + z2; //feAdd(&x3, &z3, &z2)
z2 = z3 - z2; //feSub(&z2, &z3, &z2)
x2 = tmp1.Multiply(tmp0);
tmp1 -= tmp0;//feSub(&tmp1, &tmp1, &tmp0)
z2 = z2.Square();
z3 = tmp1.Mul121666();
x3 = x3.Square();
tmp0 += z3; //feAdd(&tmp0, &tmp0, &z3)
z3 = x1.Multiply(z2);
z2 = tmp1.Multiply(tmp0);
z2 = z2.Invert();
x2 = x2.Multiply(z2);
return x2.ToBytes();
}
finally
{
Array.Clear(e, 0, e.Length);
}

FieldElement.CSwap(ref x2, ref x3, swap);
FieldElement.CSwap(ref z2, ref z3, swap);

z2 = z2.Invert();
x2 = x2.Multiply(z2);
return x2.ToBytes();
}
/// <summary>
/// X25519 returns the result of the scalar multiplication (scalar * point),
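Review bot: The new `finally` in ScalarMult clears only the clamped scalar copy `e`; the ladder's working values (`x2`, `z2`, `x3`, `z3`, `tmp0`, `tmp1`) are derived from the scalar bit by bit and are left untouched on return. Whether that matters depends on how `FieldElement` stores its limbs, which this section does not show; if it is a class or wraps a heap array, consider resetting those values in the same `finally`. At minimum a comment such as `// e holds the clamped private scalar; clear it on every exit path` would document the intent. The rendered page interleaves old and new lines, so this reads the new side as a try/finally wrapping the whole body.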