Prevent Memory Side Channel Attacks (Core Dumps and Swapping) #24

Open
CMCDragonkai opened this issue Sep 11, 2023 · 0 comments
Labels
development Standard development r&d:polykey:core activity 1 Secret Vault Sharing and Secret History Management r&d:polykey:core activity 2 Cross Platform Cryptography for JavaScript Platforms

Specification

As the PK CLI/Agent is running, we should be protecting our in-memory keys and passwords. Given the lack of "encrypted memory", we need to protect certain buffers from core dumps or swapping.

We have already done a bit of this by using mlock on key buffers in PK's keys domain. However that seems quite limited and doesn't prevent the memory from being dumped during a core dump.

Note that mlock only works on Linux atm. Different operating systems require different strategies.

There are similar syscalls that can prevent buffers from being part of a core dump.

However this won't always work, because what about all our TLS libraries (MatrixAI/Polykey#526)? There might be many places that the key data get copied to that may be leaked, such as copying key memory from PK to js-encryptedfs.

One way to get around this is to basically prevent core dumps wholesale on the entire process, rather than trying to lock in specific pieces of memory. This is done with ssh-agent.

But again that could be OS-specific.

What we can do is apply some principles:

  1. Always use mlock on key material
  2. Always use MADV_DONTDUMP on key material
  3. Never copy key material in any of our libraries like js-encryptedfs, always call-by-reference
  4. Unify our TLS libraries as per Polykey#526 (Unifying the TLS libraries between WS, QUIC and Fetch/HTTPS) and therefore solve it in one place
  5. Add an option to the PK CLI that can attempt disabling core dumps wholesale in high-security environments

Additional context

Compromise of key material from core dumps and swap memory is actually a real thing. See https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

Tasks

  1. ...
  2. ...
  3. ...
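
Principles 1, 2 and 5 from the issue on Linux, as an added example that is not part of the original issue or of Polykey's code. The names `secret_alloc`, `secret_free` and `disable_core_dumps` are hypothetical, and the use of `setrlimit(RLIMIT_CORE)` with `prctl(PR_SET_DUMPABLE)` for the process-wide option is an assumption, since the issue's screenshots are not available here.

```c
#define _GNU_SOURCE            /* MAP_ANONYMOUS, madvise, MADV_DONTDUMP */
#include <stddef.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <unistd.h>

/* mlock/madvise act on whole pages, so round the request up. */
static size_t page_round(size_t len) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    return (len + pg - 1) / pg * pg;
}

/* Principles 1 and 2: a dedicated anonymous mapping for key material that is
 * pinned in RAM (never swapped) and excluded from core dumps. Fails closed:
 * returns NULL rather than memory that lacks either protection (for example
 * when RLIMIT_MEMLOCK is too low for mlock). */
void *secret_alloc(size_t len) {
    size_t n = page_round(len);
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, n) != 0 || madvise(p, n, MADV_DONTDUMP) != 0) {
        munmap(p, n);
        return NULL;
    }
    return p;
}

/* Wipe before unmapping; volatile stops the compiler eliding the stores. */
void secret_free(void *p, size_t len) {
    volatile unsigned char *b = p;
    for (size_t i = 0; i < len; i++) b[i] = 0;
    munmap(p, page_round(len));          /* munmap also drops the lock */
}

/* Principle 5: process-wide opt-out, covering copies made by other libraries.
 * RLIMIT_CORE = 0 stops core files being written, but is not enforced when
 * core_pattern pipes to a handler; PR_SET_DUMPABLE = 0 covers that case and
 * also blocks ptrace attach by unprivileged processes. Returns 0 on success. */
int disable_core_dumps(void) {
    struct rlimit none = {0, 0};
    if (setrlimit(RLIMIT_CORE, &none) != 0) return -1;
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}
```

Because `secret_alloc` protects only the mapping it returns, any copy of the key into ordinary heap memory falls outside both protections, which is why principle 3 and the process-wide option still matter.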
@CMCDragonkai CMCDragonkai added the development Standard development label Sep 11, 2023
@CMCDragonkai CMCDragonkai added r&d:polykey:core activity 1 Secret Vault Sharing and Secret History Management r&d:polykey:core activity 2 Cross Platform Cryptography for JavaScript Platforms labels Aug 13, 2024