Replace memset by expilcit_bzero for critical data

src_features/getPublicKey/cmd_getPublicKey.c

@@ -35,8 +35,8 @@ void handleGetPublicKey(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, uint16_t da
   cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey);
   io_seproxyhal_io_heartbeat();
   cx_ecfp_generate_pair(CX_CURVE_256K1, &tmpCtx.publicKeyContext.publicKey, &privateKey, 1);
-  memset(&privateKey, 0, sizeof(privateKey));
-  memset(privateKeyData, 0, sizeof(privateKeyData));
+  explicit_bzero(&privateKey, sizeof(privateKey));
+  explicit_bzero(privateKeyData, sizeof(privateKeyData));
   io_seproxyhal_io_heartbeat();
   getEthAddressStringFromKey(&tmpCtx.publicKeyContext.publicKey, tmpCtx.publicKeyContext.address, &global_sha3, chainConfig);
 #ifndef NO_CONSENT

src_features/signMessage/ui_common_signMessage.c

@@ -13,14 +13,14 @@ unsigned int io_seproxyhal_touch_signMessage_ok(const bagl_element_t *e) {
         tmpCtx.messageSigningContext.pathLength, privateKeyData, NULL);
     io_seproxyhal_io_heartbeat();
     cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey);
-    memset(privateKeyData, 0, sizeof(privateKeyData));
+    explicit_bzero(privateKeyData, sizeof(privateKeyData));
     unsigned int info = 0;
     io_seproxyhal_io_heartbeat();
     signatureLength =
         cx_ecdsa_sign(&privateKey, CX_RND_RFC6979 | CX_LAST, CX_SHA256,
                       tmpCtx.messageSigningContext.hash,
                       sizeof(tmpCtx.messageSigningContext.hash), signature, sizeof(signature), &info);
-    memset(&privateKey, 0, sizeof(privateKey));
+    explicit_bzero(&privateKey, sizeof(privateKey));
     G_io_apdu_buffer[0] = 27;
     if (info & CX_ECCINFO_PARITY_ODD) {
       G_io_apdu_buffer[0]++;

src_features/signMessageEIP712/ui_common_signMessage712.c

@@ -24,14 +24,14 @@ unsigned int io_seproxyhal_touch_signMessage712_v0_ok(const bagl_element_t *e) {
         tmpCtx.messageSigningContext712.pathLength, privateKeyData, NULL);
     io_seproxyhal_io_heartbeat();
     cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey);
-    memset(privateKeyData, 0, sizeof(privateKeyData));
+    explicit_bzero(privateKeyData, sizeof(privateKeyData));
     unsigned int info = 0;
     io_seproxyhal_io_heartbeat();
     signatureLength =
         cx_ecdsa_sign(&privateKey, CX_RND_RFC6979 | CX_LAST, CX_SHA256,
                       hash,
                       sizeof(hash), signature, sizeof(signature), &info);
-    memset(&privateKey, 0, sizeof(privateKey));
+    explicit_bzero(&privateKey, sizeof(privateKey));
     G_io_apdu_buffer[0] = 27;
     if (info & CX_ECCINFO_PARITY_ODD) {
       G_io_apdu_buffer[0]++;

src_features/signTx/ui_common_signTx.c

@@ -15,14 +15,14 @@ unsigned int io_seproxyhal_touch_tx_ok(const bagl_element_t *e) {
                                privateKeyData, NULL);
     cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32,
                                  &privateKey);
-    memset(privateKeyData, 0, sizeof(privateKeyData));
+    explicit_bzero(privateKeyData, sizeof(privateKeyData));
     unsigned int info = 0;
     io_seproxyhal_io_heartbeat();
     signatureLength =
         cx_ecdsa_sign(&privateKey, CX_RND_RFC6979 | CX_LAST, CX_SHA256,
                       tmpCtx.transactionContext.hash,
                       sizeof(tmpCtx.transactionContext.hash), signature, sizeof(signature), &info);
-    memset(&privateKey, 0, sizeof(privateKey));
+    explicit_bzero(&privateKey, sizeof(privateKey));
     // Parity is present in the sequence tag in the legacy API
     if (tmpContent.txContent.vLength == 0) {
       // Legacy API

src_features/stark_getPublicKey/cmd_stark_getPublicKey.c

@@ -34,8 +34,8 @@ void handleStarkwareGetPublicKey(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, ui
   cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey);
   io_seproxyhal_io_heartbeat();
   cx_ecfp_generate_pair(CX_CURVE_Stark256, &tmpCtx.publicKeyContext.publicKey, &privateKey, 1);
-  memset(&privateKey, 0, sizeof(privateKey));
-  memset(privateKeyData, 0, sizeof(privateKeyData));
+  explicit_bzero(&privateKey, sizeof(privateKey));
+  explicit_bzero(privateKeyData, sizeof(privateKeyData));
   io_seproxyhal_io_heartbeat();
 #ifndef NO_CONSENT
   if (p1 == P1_NON_CONFIRM)

src_features/stark_sign/cmd_stark_sign.c

@@ -176,8 +176,8 @@ void handleStarkwareSignMessage(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, uin
     cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey);
     io_seproxyhal_io_heartbeat();
     cx_ecfp_generate_pair(CX_CURVE_Stark256, &publicKey, &privateKey, 1);
-    memset(&privateKey, 0, sizeof(privateKey));
-    memset(privateKeyData, 0, sizeof(privateKeyData));
+    explicit_bzero(&privateKey, sizeof(privateKey));
+    explicit_bzero(privateKeyData, sizeof(privateKeyData));
     io_seproxyhal_io_heartbeat();
     selfTransfer = (memcmp(publicKey.W + 1, dataBuffer + 20 + 32 + postOffset, 32) == 0);
     PRINTF("self transfer %d\n", selfTransfer);

src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c

@@ -42,8 +42,8 @@ void handleStarkwareUnsafeSign(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, uint
   cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey);
   io_seproxyhal_io_heartbeat();
   cx_ecfp_generate_pair(CX_CURVE_Stark256, &publicKey, &privateKey, 1);
-  memset(&privateKey, 0, sizeof(privateKey));
-  memset(privateKeyData, 0, sizeof(privateKeyData));
+  explicit_bzero(&privateKey, sizeof(privateKey));
+  explicit_bzero(privateKeyData, sizeof(privateKeyData));
   io_seproxyhal_io_heartbeat();
   memmove(dataContext.starkContext.w1, publicKey.W + 1, 32);
   ux_flow_init(0, ux_stark_unsafe_sign_flow, NULL);

src_plugins/starkware/starkware_plugin.c

@@ -308,8 +308,8 @@ void starkware_get_source_address(char *destination) {
   cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey);
   io_seproxyhal_io_heartbeat();
   cx_ecfp_generate_pair(CX_CURVE_256K1, &publicKey, &privateKey, 1);
-  memset(&privateKey, 0, sizeof(privateKey));
-  memset(privateKeyData, 0, sizeof(privateKeyData));
+  explicit_bzero(&privateKey, sizeof(privateKey));
+  explicit_bzero(privateKeyData, sizeof(privateKeyData));
   io_seproxyhal_io_heartbeat();
   destination[0] = '0';
   destination[1] = 'x';