Add KEY_Wipe(), and use it for secret keys, CEKs and PRKs.

src/keys.c

@@ -227,6 +227,16 @@ wipe(void * const dst, size_t len, uint8_t val)
 	}
 }
 
+void
+KEY_Wipe(void * const key)
+{
+	AN(key);
+	wipe(key, AES128_KEYLEN, 0xff);
+	wipe(key, AES128_KEYLEN, 0xaa);
+	wipe(key, AES128_KEYLEN, 0x55);
+	wipe(key, AES128_KEYLEN, 0x00);
+}
+
 /*
  * wipe all the keys, destroy the rwlocks, de-allocate the free list,
  * de-allocate the key pages
@@ -247,10 +257,8 @@ KEY_Fini(void)
 			key = VRBT_ROOT(tree_h);
 			while (key != NULL) {
 				CHECK_OBJ(key, KEY_MAGIC);
-				wipe(key->key, 16, 0xff);
-				wipe(key->key, 16, 0xaa);
-				wipe(key->key, 16, 0x55);
-				wipe(key->key, 16, 0x00);
+				AN(key->key);
+				KEY_Wipe(key->key);
 				nxt_k = VRBT_NEXT(key_tree, tree_h, key);
 				VRBT_REMOVE(key_tree, tree_h, key);
 				FREE_OBJ(key);

src/keys.h

@@ -38,3 +38,4 @@ void KEY_Rdlock(uint8_t idlen);
 void KEY_Unlock(uint8_t idlen);
 uint8_t *KEY_Get(uint8_t *id, uint8_t idlen);
 int KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key);
+void KEY_Wipe(void * const key);

src/vfp.c

@@ -272,6 +272,7 @@ crypto_init(struct vfp_ctx *ctx, struct ece_crypto *crypto, uint8_t *salt,
 	    || derive_prenonce(prk, prenonce, errmsg) != 0)
 		return (VERR_DEC(ctx, "%s", errmsg));
 
+	KEY_Wipe(prk);
 	crypto->prenonce_hi = vbe32dec(prenonce);
 	crypto->prenonce_lo = vbe64dec(prenonce + 4);
 	memcpy(crypto->cek, cek, AES128_KEYLEN);
@@ -388,8 +389,8 @@ vfp_common_fini(struct vfp_ctx *ctx, struct vfp_entry *ent)
 	if (ece->buf != NULL)
 		free(ece->buf);
 	if (ece->crypto != NULL) {
-		/* XXX wipe the cek */
 		CHECK_OBJ(ece->crypto, ECE_CRYPTO_MAGIC);
+		KEY_Wipe(ece->crypto->cek);
 		FREE_OBJ(ece->crypto);
 	}
 	if (ece->stream != NULL) {