fix(aes): Add memory zeroing for derived key to enhance security

sergei-boiko-trustwallet · sergei-boiko-trustwallet · commit b614c42c4c8b · 2026-03-25T13:47:12.000+01:00
diff --git a/src/Keystore/EncryptionParameters.cpp b/src/Keystore/EncryptionParameters.cpp
@@ -4,6 +4,7 @@
 
 #include "EncryptionParameters.h"
 
+#include "memory/memzero_wrapper.h"
 #include "../Hash.h"
 
 #include <TrezorCrypto/aes.h>
@@ -106,6 +107,8 @@ EncryptedPayload::EncryptedPayload(const Data& password, const Data& data, const
         aes_ctr_encrypt(data.data(), encrypted.data(), static_cast<int>(data.size()), iv.data(), aes_ctr_cbuf_inc, &ctx);
         _mac = computeMAC(derivedKey.end() - params.getKeyBytesSize(), derivedKey.end(), encrypted);
     }
+
+    memzero(derivedKey.data(), derivedKey.size());
 }
 
 EncryptedPayload::~EncryptedPayload() {
@@ -134,6 +137,7 @@ Data EncryptedPayload::decrypt(const Data& password) const {
     }
 
     if (!isEqualConstantTime(mac, _mac)) {
+        memzero(derivedKey.data(), derivedKey.size());
         throw DecryptionError::invalidPassword;
     }
 
@@ -156,7 +160,9 @@ Data EncryptedPayload::decrypt(const Data& password) const {
 
         aes_ctr_decrypt(encrypted.data(), decrypted.data(), static_cast<int>(encrypted.size()), iv.data(),
                         aes_ctr_cbuf_inc, &ctx);
+        memzero(derivedKey.data(), derivedKey.size());
     } else {
+        memzero(derivedKey.data(), derivedKey.size());
         throw DecryptionError::unsupportedCipher;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`#include "EncryptionParameters.h"`
`6`	`6`
	`7`	`+#include "memory/memzero_wrapper.h"`
`7`	`8`	`#include "../Hash.h"`
`8`	`9`
`9`	`10`	`#include <TrezorCrypto/aes.h>`
`@@ -106,6 +107,8 @@ EncryptedPayload::EncryptedPayload(const Data& password, const Data& data, const`
`106`	`107`	`aes_ctr_encrypt(data.data(), encrypted.data(), static_cast<int>(data.size()), iv.data(), aes_ctr_cbuf_inc, &ctx);`
`107`	`108`	`_mac = computeMAC(derivedKey.end() - params.getKeyBytesSize(), derivedKey.end(), encrypted);`
`108`	`109`	`}`
	`110`	`+`
	`111`	`+ memzero(derivedKey.data(), derivedKey.size());`
`109`	`112`	`}`
`110`	`113`
`111`	`114`	`EncryptedPayload::~EncryptedPayload() {`
`@@ -134,6 +137,7 @@ Data EncryptedPayload::decrypt(const Data& password) const {`
`134`	`137`	`}`
`135`	`138`
`136`	`139`	`if (!isEqualConstantTime(mac, _mac)) {`
	`140`	`+ memzero(derivedKey.data(), derivedKey.size());`
`137`	`141`	`throw DecryptionError::invalidPassword;`
`138`	`142`	`}`
`139`	`143`
`@@ -156,7 +160,9 @@ Data EncryptedPayload::decrypt(const Data& password) const {`
`156`	`160`
`157`	`161`	`aes_ctr_decrypt(encrypted.data(), decrypted.data(), static_cast<int>(encrypted.size()), iv.data(),`
`158`	`162`	`aes_ctr_cbuf_inc, &ctx);`
	`163`	`+ memzero(derivedKey.data(), derivedKey.size());`
`159`	`164`	`} else {`
	`165`	`+ memzero(derivedKey.data(), derivedKey.size());`
`160`	`166`	`throw DecryptionError::unsupportedCipher;`
`161`	`167`	`}`
`162`	`168`