If a KEK is given to keywrap/unwrap, zero it out of the keywrap core after use.

The key-export mechanism unwraps the key with the KEK from Master Key Memory, then re-wraps it with a random KEK. If that random KEK stays in the keywrap core, it will cause problems for all subsequent wrap/unwrap operations.
author: Paul Selkirk <paul@psgd.org> 2019-02-13 16:05:42 -0500
committer: Paul Selkirk <paul@psgd.org> 2019-02-13 16:05:42 -0500
commit: e529855f7e15a14fed0ee16c9af1b55d7c55c660 (patch)
tree: 9e5c742b6550ee89449d015bf2f412a8b81ee280
parent: 9bf6075da2640dc57d5a9de5825a249cb3f827c3 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/aes_keywrap.c b/aes_keywrap.c
index 63e0cf7..1ee857b 100644
--- a/aes_keywrap.c
+++ b/aes_keywrap.c
@@ -383,6 +383,8 @@ hal_error_t hal_aes_keywrap(hal_core_t *core,
   }
 
 out:
+  if (K != NULL)
+    hal_aes_keywrap_zero(core);
   if (free_core)
     hal_core_free(core);
   return err;
@@ -483,6 +485,8 @@ hal_error_t hal_aes_keyunwrap(hal_core_t *core,
   memmove(Q, Q + 8, m);
 
 out:
+  if (K != NULL)
+    hal_aes_keywrap_zero(core);
   if (free_core)
     hal_core_free(core);
   return err;
author	Paul Selkirk <paul@psgd.org>	2019-02-13 16:05:42 -0500
committer	Paul Selkirk <paul@psgd.org>	2019-02-13 16:05:42 -0500
commit	e529855f7e15a14fed0ee16c9af1b55d7c55c660 (patch)
tree	9e5c742b6550ee89449d015bf2f412a8b81ee280
parent	9bf6075da2640dc57d5a9de5825a249cb3f827c3 (diff)