Secure the payload with mlock

[mathstuf]

Also probably offer a structure for locking it down on its way in as well.

[mathstuf]

http://ironframework.io/doc/libc/funcs/posix88/mman/fn.munlock.html

[josephlr]

I would propose a different approach here and in #8. Rust crates like secstr https://crates.io/crates/secstr already do this. You could either take a dependency on them, or just make keyutils compatible with secstr by just always taking data by reference.

[mathstuf]

Hmm. It seems that by using Cow<[u8]> in the KeyPayload, the "take by reference" is always up to the user. I do see some potential holes:

• keytypes::encrypted::Payload::Load is a Vec<u8> of data to load into the key. This is then placed into a String which takes it out of any secure storage
• keytypes::rxrpc::Payload::session_key might warrant being in a secure array.
• keytypes::rxrpc_s::Payload::key probably needs to be in one as well.
• keytypes::trusted::Payload has some potentially sensitive information stored in a Vec.

[mathstuf]

Hmm. The caller using SecBox around the entire payload should be sufficient for rxrpc's bits (since they're static-sized arrays). The ticket in rxrpc::Payload and other Vec<u8> bits should probably be SecVec<u8> now. Thoughts?

[mathstuf]

Hrm. Returning a Cow::Owned moves the struct data back into a blob not in a zero-ing block of memory.