What is the correct way to clear sensitive data from memory in iOS?

Time: 2020-12-23 02:40:23

I want to clear sensitive data from memory in my iOS app. In Windows I used to use SecureZeroMemory. Now, in iOS, I use plain old memset, but I'm a little worried the compiler might optimize it: https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/771-BSI.html


code snippet:


 NSData *someSensitiveData;
 memset((void *)someSensitiveData.bytes, 0, someSensitiveData.length);

2 solutions

#1


3  

Paraphrasing 771-BSI (link see OP):


A way to avoid having the memset call optimized out by the compiler is to access the buffer again after the memset call in a way that would force the compiler not to optimize the location. This can be achieved by


*(volatile char*)buffer = *(volatile char*)buffer;

after the memset() call.


In fact, you could write a secure_memset() function


void* secure_memset(void *v, int c, size_t n) {
    volatile char *p = v;      /* volatile: every store below is an observable side effect, */
    while (n--) *p++ = c;      /* so the compiler may not drop the loop as a dead store */
    return v;
}

(Code taken from 771-BSI. Thanks to Daniel Trebbien for pointing out a possible defect of the previous code proposal.)


Why does volatile prevent optimization? See https://*.com/a/3604588/220060


UPDATE Please also read Sensitive Data In Memory because if you have an adversary on your iOS system, you are already more or less screwed even before he tries to read that memory. In summary, SecureZeroMemory() or secure_memset() do not really help.


#2


0  

The problem is NSData is immutable and you do not have control over what happens. If the buffer is controlled by you, you could use dataWithBytesNoCopy:length: and NSData will act as a wrapper. When finished you could memset your buffer.

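As an added example (not code from either answer above): the volatile-store loop from #1, strengthened with a compiler barrier so the stores survive even when the buffer is dead afterwards, used in the caller-owned-buffer pattern that #2 describes. It is plain C that compiles with Clang and GCC; the NSData wrapping via dataWithBytesNoCopy:length: from #2 is only noted in a comment, and the 32-byte key is a constructed value.

```c
#include <stddef.h>
#include <stdio.h>

/* Zeroing helper built on the volatile-store loop from answer #1, plus a
 * compiler barrier so the stores survive even when the buffer is dead
 * afterwards. Added example; not code from either answer. */
void *secure_memset(void *v, int c, size_t n) {
    volatile unsigned char *p = (volatile unsigned char *)v;
    while (n--) *p++ = (unsigned char)c;   /* every store is a volatile access */
    /* Barrier (GCC/Clang extension): tells the optimizer that memory was
     * touched, so dead-store elimination cannot drop the loop above. */
    __asm__ __volatile__("" : : "r"(v) : "memory");
    return v;
}

/* Returns 1 if every byte of buf[0..n) is zero, always scanning all bytes. */
int is_all_zero(const unsigned char *buf, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Usage pattern from answer #2: the caller owns the buffer, would hand it to
 * NSData via dataWithBytesNoCopy:length: (Objective-C, not shown) and scrubs
 * it itself when done. Returns 1 if the buffer held data and is now zeroed. */
int demo_scrub_owned_buffer(void) {
    unsigned char key[32];                          /* constructed "secret" */
    for (size_t i = 0; i < sizeof key; i++) key[i] = (unsigned char)(0xA5 ^ i);
    int held_secret = !is_all_zero(key, sizeof key);
    void *ret = secure_memset(key, 0, sizeof key);
    return held_secret && ret == key && is_all_zero(key, sizeof key);
}

/* Edge cases: zero length is a no-op that still returns the pointer, and a
 * non-zero fill byte is honoured like memset's. Returns 1 on success. */
int secure_memset_selftest(void) {
    unsigned char b[4] = {1, 2, 3, 4};
    if (secure_memset(b, 0, 0) != b || b[0] != 1 || b[3] != 4) return 0;
    secure_memset(b, 0xFF, sizeof b);
    return b[0] == 0xFF && b[3] == 0xFF;
}

int main(void) {
    printf("scrub ok: %d, selftest ok: %d\n",
           demo_scrub_owned_buffer(), secure_memset_selftest());
    return 0;
}
```

Note that, as answer #1's update says, this only protects against the compiler removing the zeroing; it does nothing against an attacker who can already read the process memory, and copies made by NSData or the kernel (paging, crash dumps) are outside its reach.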
