Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-5693] CryptoService using memfd_secret on Linux #979

Closed
wants to merge 41 commits into from

Conversation

dani-garcia
Copy link
Member

@dani-garcia dani-garcia commented Aug 19, 2024

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-5693

📔 Objective

I've been looking into using memfd_secret to protect keys in memory on Linux.

The memfd_secret API is similar to malloc in that we get some memory range allocated for us, but this memory is only visible to the process that has access to the file descriptor, which should protect us from any memory dumping from anything other than a kernel driver.

https://man.archlinux.org/man/memfd_secret.2.en

Using this requires changing how we store keys, so this is the perfect moment to go through removing the raw keys from the API surface.

Changes

  • Added a KeyRef trait and SymmetricKeyRef/AsymmetricKeyRef subtraits to represent the key types. Also a small macro to quickly implement them. KeyRef implementations are user defined types that implements Eq+Hash+Copy, and don't contain any key material
  • KeyEncryptable/KeyDecryptable are now Decryptable/Encryptable, and instead of taking the key as parameter, they take a CryptoServiceContext and a KeyRef. This way keys are never exposed to the clients.
  • KeyLocator trait is replaced by UsesKey. This trait only returns the KeyRef of the key required to decrypt it, instead of fetching the key itself.
  • Created a KeyStore trait, with some simple CRUD methods. We have two implementations, one based on memfd_secret for Linux, and another one based on a Rust boxed slice, that also applies mlock if possible.
  • Because both mlock and memfd_secret apply their protection over a specified memory area, we need a Rust data structure that is laid out linearly and also doesn't reallocate by itself. Also because memfd_secret allocates the memory for us, we can't use a std type like Vec (reason is the Vec must be allocated by the Rust allocator [ref]). This basically only leaves us with a Rust slice, on top of which we'd need to implement insert/get/delete. To allow for reuse and easier testing I've created SliceKeyStore, which implements the CRUD methods from the KeyStore trait on top of a plain slice. Then the actual mlock and memfd_secret implementations just need to implement a trait casting their data to a slice. The data is stored as a slice of Option<(KeyRef, KeyMaterial)>, and the keys are unique and sorted in the slice for easier lookups.
  • Created CryptoService, which contains the KeyStores and some encrypt/decrypt utility functions. From a CryptoService you can also initialize a CryptoServiceContext
  • A CryptoServiceContext contains a read only view of the keys inside the CryptoService, plus a read-write ephemeral key store, for use by Decryptable/Encryptable implementations when they need to temporarily store some keys (Cipher keys, attachment keys, send keys...).

Migrated the codebase to use these changes in a separate PR: #1117

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
    team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

Copy link
Contributor

github-actions bot commented Aug 19, 2024

Logo
Checkmarx One – Scan Summary & Details117955f6-2a58-486c-b381-cb66202bd537

No New Or Fixed Issues Found

@dani-garcia dani-garcia force-pushed the ps/secure-crypto-service branch from 7e9bd88 to d7c7c3e Compare August 19, 2024 12:02
Copy link

codecov bot commented Sep 24, 2024

Codecov Report

Attention: Patch coverage is 54.90566% with 478 lines in your changes missing coverage. Please review.

Project coverage is 58.05%. Comparing base (16a8496) to head (bec4786).

Files with missing lines Patch % Lines
crates/bitwarden-crypto/src/service/context.rs 0.00% 227 Missing ⚠️
crates/bitwarden-crypto/src/service/mod.rs 0.00% 117 Missing ⚠️
crates/bitwarden-crypto/src/keys/encryptable.rs 0.00% 104 Missing ⚠️
...es/bitwarden-crypto/src/service/key_store/slice.rs 95.89% 22 Missing ⚠️
...crypto/src/service/key_store/implementation/mod.rs 0.00% 8 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #979      +/-   ##
==========================================
- Coverage   58.32%   58.05%   -0.27%     
==========================================
  Files         193      199       +6     
  Lines       13557    14617    +1060     
==========================================
+ Hits         7907     8486     +579     
- Misses       5650     6131     +481     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
memsec = { version = "0.7.0", features = [
"alloc_ext",
], git = "https://github.com/dani-garcia/memsec", rev = "3d2e272d284442637bac0a7d94f76883960db7e2" }
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

memsec is using windows-sys 0.45, which was causing build errors similar to the ones fixed by #1053.

Using the latest windows-sys 0.59 seems to solve the problem for me. TODO: Open a PR upstream?

@dani-garcia dani-garcia changed the title [BEEEP][WIP] CryptoService using memfd_secret on Linux [PM-5693] CryptoService using memfd_secret on Linux Sep 25, 2024
@dani-garcia dani-garcia force-pushed the ps/secure-crypto-service branch from 3157eaa to f882fb2 Compare October 7, 2024 15:10
@@ -23,6 +23,8 @@ pub enum CryptoError {
MissingKey(Uuid),
#[error("The item was missing a required field: {0}")]
MissingField(&'static str),
#[error("Missing Key for Ref. {0}")]
MissingKey2(String),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't change the MissingKey variant without breaking the code, so for now I'll do this and rename it on the second PR.

@dani-garcia dani-garcia marked this pull request as ready for review October 8, 2024 10:57
@dani-garcia dani-garcia requested a review from Hinton October 8, 2024 11:01
Comment on lines +14 to +19
fn insert(&mut self, key_ref: Key, key: Key::KeyValue);
fn get(&self, key_ref: Key) -> Option<&Key::KeyValue>;
fn remove(&mut self, key_ref: Key);
fn clear(&mut self);

fn retain(&mut self, f: fn(Key) -> bool);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: add some documentation to these functions describing their behavior and use-cases. Admittedly most are pretty self-explanatory, but e.g. retain isn't

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants