new wipeable_string class to replace std::string passphrases

2025-08-23 03:15:06 -04:00 · 2017-11-25 14:50:15 +00:00 · 2017-11-25 14:50:15 +00:00 · 3dffe71b72
commit 3dffe71b72
parent 7a2a574118
15 changed files with 293 additions and 68 deletions
--- a/src/common/password.cpp
+++ b/src/common/password.cpp
@ -56,7 +56,7 @@ namespace
    return 0 != _isatty(_fileno(stdin));
  }

-  bool read_from_tty(std::string& pass)
+  bool read_from_tty(epee::wipeable_string& pass)
  {
    static constexpr const char BACKSPACE = 8;

@ -88,8 +88,7 @@ namespace
      {
        if (!pass.empty())
        {
-          pass.back() = '\0';
-          pass.resize(pass.size() - 1);
+          pass.pop_back();
        }
      }
      else
@ -127,7 +126,7 @@ namespace
    return ch;
  }

-  bool read_from_tty(std::string& aPass)
+  bool read_from_tty(epee::wipeable_string& aPass)
  {
    static constexpr const char BACKSPACE = 127;

@ -148,8 +147,7 @@ namespace
      {
        if (!aPass.empty())
        {
-          aPass.back() = '\0';
-          aPass.resize(aPass.size() - 1);
+          aPass.pop_back();
        }
      }
      else
@ -163,15 +161,7 @@ namespace

 #endif // end !WIN32

-  void clear(std::string& pass) noexcept
-  {
-    // technically, the std::string documentation says the data should not be modified,
-    // but there seems to be no way to get a non const raw pointer to the data
-    memwipe((void*)pass.data(), pass.size());
-    pass.clear();
-  }
-
-  bool read_from_tty(const bool verify, const char *message, std::string& pass1, std::string& pass2)
+  bool read_from_tty(const bool verify, const char *message, epee::wipeable_string& pass1, epee::wipeable_string& pass2)
  {
    while (true)
    {
@ -187,8 +177,8 @@ namespace
        if(pass1!=pass2)
        {
          std::cout << "Passwords do not match! Please try again." << std::endl;
-          clear(pass1);
-          clear(pass2);
+          pass1.clear();
+          pass2.clear();
        }
        else //new password matches
          return true;
@ -201,7 +191,7 @@ namespace
    return false;
  }

-  bool read_from_file(std::string& pass)
+  bool read_from_file(epee::wipeable_string& pass)
  {
    pass.reserve(tools::password_container::max_password_size);
    for (size_t i = 0; i < tools::password_container::max_password_size; ++i)
@ -236,7 +226,7 @@ namespace tools

  password_container::~password_container() noexcept
  {
-    clear(m_password);
+    m_password.clear();
  }

  boost::optional<password_container> password_container::prompt(const bool verify, const char *message)
@ -252,9 +242,8 @@ namespace tools
  boost::optional<login> login::parse(std::string&& userpass, bool verify, const std::function<boost::optional<password_container>(bool)> &prompt)
  {
    login out{};
-    password_container wipe{std::move(userpass)};

-    const auto loc = wipe.password().find(':');
+    const auto loc = userpass.find(':');
    if (loc == std::string::npos)
    {
      auto result = prompt(verify);
@ -265,10 +254,11 @@ namespace tools
    }
    else
    {
-      out.password = password_container{wipe.password().substr(loc + 1)};
+      out.password = password_container{userpass.substr(loc + 1)};
    }

-    out.username = wipe.password().substr(0, loc);
+    out.username = userpass.substr(0, loc);
+    password_container wipe{std::move(userpass)};
    return {std::move(out)};
  }
 } 
--- a/src/common/password.h
+++ b/src/common/password.h
@ -32,6 +32,7 @@

 #include <string>
 #include <boost/optional/optional.hpp>
+#include "wipeable_string.h"

 namespace tools
 {
@ -58,11 +59,10 @@ namespace tools
    password_container& operator=(const password_container&) = delete;
    password_container& operator=(password_container&&) = default;

-    const std::string& password() const noexcept { return m_password; }
+    const epee::wipeable_string &password() const noexcept { return m_password; }

  private:
-    //! TODO Custom allocator that locks to RAM?
-    std::string m_password;
+    epee::wipeable_string m_password;
  };

  struct login
--- a/src/common/util.cpp
+++ b/src/common/util.cpp
@ -36,9 +36,11 @@

 #include "include_base_utils.h"
 #include "file_io_utils.h"
+#include "wipeable_string.h"
 using namespace epee;

 #include "util.h"
+#include "memwipe.h"
 #include "cryptonote_config.h"
 #include "net/http_client.h"                        // epee::net_utils::...

@ -542,6 +544,8 @@ std::string get_nix_version_display_string()
  }
  bool on_startup()
  {
+    wipeable_string::set_wipe(&memwipe);
+
    mlog_configure("", true);

    sanitize_locale();