#iota #stronghold #security

stronghold-runtime

Runtime and allocation primitives for stronghold

1 unstable release

0.3.0 Apr 21, 2021

#8 in #iota


354 downloads per month
Used in 2 crates (via stronghold_engine)

Apache-2.0

100KB
3K SLoC

Rust 2.5K SLoC // 0.0% comments Coq 429 SLoC // 0.0% comments Shell 26 SLoC

Stronghold runtime system utilities

This crate aims to provide utilities for performing computations as securely as possible with respect to the underlying operating system.

Among the considered concepts:

  • guarded memory allocations
    • assists with read/write protecting sensitive data
    • zeroes the allocated memory when handing it back to the operating system
    • uses canary and garbage values to protect the memory pages.
    • leverages NACL libsodium for use on all supported platforms.

FAQ:

Why does my program get killed with SIGBUS/SIGILL signals?

It's common to restrict the amount of memory that a non-privileged user can lock into main memory (i.e. memory that is forbidden to be swapped out to disk).

The following limit is sufficient to make the tests pass:

ulimit -l $((1024*1024))

But it's quite likely that this command will fail, because the system defaults are sometimes very strict. On Arch the file that manages those limits is limits.conf, and the following addition raises the limit enough to run the tests:

username  hard  memlock 1048576

Note also that the tests in the crate allocate a lot more memory than an application using these runtime utilities is expected to allocate: by the principle of least privilege, only the necessary sensitive/cryptographic operations should be performed in the most restricted sandbox.
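To check what a limits.conf entry like the one above actually grants, the following added example (not part of stronghold or its README) parses `memlock` lines and converts the value, which pam_limits and `ulimit -l` both express in KiB, into a byte budget. The names `hard_memlock` and `can_lock` are hypothetical, the sample file is constructed, and only exact-user and `*` domains are handled, with an exact-user line taking precedence over a wildcard.

```rust
// Added example, not stronghold code. `memlock` values in limits.conf are in
// KiB (the unit `ulimit -l` uses), so 1048576 means 1 GiB of lockable memory.

#[derive(Debug, PartialEq, Clone, Copy)]
enum Limit { Kib(u64), Unlimited }

/// Hard memlock limit that the given limits.conf text grants `user`,
/// or None when no line applies. Simplified on purpose: no @group domains,
/// no uid ranges; later lines override earlier ones of the same kind.
fn hard_memlock(conf: &str, user: &str) -> Option<Limit> {
    let (mut exact, mut wildcard) = (None, None);
    for line in conf.lines() {
        // Drop everything after '#', then split into the four columns.
        let line = line.split('#').next().unwrap_or("").trim();
        let f: Vec<&str> = line.split_whitespace().collect();
        // Type "-" sets both soft and hard; a soft-only line is ignored here.
        if f.len() != 4 || f[2] != "memlock" || !(f[1] == "hard" || f[1] == "-") {
            continue;
        }
        let value = match f[3] {
            "unlimited" | "infinity" | "-1" => Limit::Unlimited,
            v => match v.parse::<u64>() { Ok(k) => Limit::Kib(k), Err(_) => continue },
        };
        if f[0] == user { exact = Some(value) } else if f[0] == "*" { wildcard = Some(value) }
    }
    exact.or(wildcard)
}

/// True when `bytes` of locked memory fits under the limit.
fn can_lock(limit: Limit, bytes: u64) -> bool {
    match limit {
        Limit::Unlimited => true,
        Limit::Kib(k) => bytes <= k.saturating_mul(1024),
    }
}

// Constructed sample: a strict wildcard default plus the line from the FAQ.
const SAMPLE: &str = "\
*         hard  memlock 64
*         soft  nofile  4096
username  hard  memlock 1048576  # raises the limit to 1 GiB
";

fn main() {
    let limit = hard_memlock(SAMPLE, "username").expect("no memlock line applies");
    println!("username: {:?}, can lock 1 GiB: {}", limit, can_lock(limit, 1 << 30));
}
```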

Low-hanging fruit

  • encrypt/authenticate locked memory with a fast algorithm such as AES.

Dependencies

~5MB
~57K SLoC