Update zeroize crate, derive Zeroize & ZeroizeOnDrop for SecretKey.

ycrypto · Jul 5, 2023 · 8b1f83a · 8b1f83a
1 parent 1ec27e9
commit 8b1f83a
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 5 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -40,7 +40,7 @@ ed25519 = { version = "2.2", default-features = false }
 hex = "0.4"
 hex-literal = "0.4"
 subtle = { version = "2.4.0", default-features = false }
-zeroize = { version = "1.2.0", default-features = false }
+zeroize = { version = "1.6", default-features = false, features = ["zeroize_derive"] }
 
 [dependencies]
 subtle.workspace = true

diff --git a/src/agreement.rs b/src/agreement.rs
@@ -221,4 +221,15 @@ mod tests {
         //     assert_eq!(hex::encode(k), "7c3911e0ab2586fd864497297e575e6f3bc601c0883c30df5f4dd2d24f665424");
         // }
     }
+
+    #[test]
+    fn zeroize_on_drop() {
+        let mut secret = SecretKey::from_seed(&[1u8; 32]);
+
+        unsafe {
+            core::ptr::drop_in_place(&mut secret);
+        }
+
+        assert_eq!(secret.0.as_bytes(), &[0u8; 32]);
+    }
 }
diff --git a/src/scalar.rs b/src/scalar.rs
@@ -1,6 +1,7 @@
 use core::ops::{Add, Mul};
 
 use crate::constants::SCALAR_LENGTH;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 /// 32 octets, interpreted as little-endian 256 bit unsigned integer
 pub type U256le = [u8; 32];
@@ -11,8 +12,10 @@ pub type U512le = [u8; 64];
 /// structure, consisting of these scalars. They are the
 /// integers modulo "ell", where "ell" is 2**252 + something something.
 #[repr(C)]
-#[derive(Clone, Debug, Default, PartialEq)]
-pub struct Scalar(pub [u8; SCALAR_LENGTH]);
+#[derive(Clone, Debug,Default,PartialEq, Zeroize, ZeroizeOnDrop)]
+pub struct Scalar(
+    pub [u8; SCALAR_LENGTH]
+);
 
 type UnpackedScalar = crate::scalar29::Scalar29;
 
@@ -298,4 +301,17 @@ mod test {
 
         assert_eq!(five, Scalar::from(5u64));
     }
+
+    #[test]
+    fn zeroize_on_drop() {
+        let mut one = Scalar([1u8; SCALAR_LENGTH]);
+
+        assert_ne!(one.0, [0u8; SCALAR_LENGTH]);
+
+        unsafe {
+            core::ptr::drop_in_place(&mut one);
+        }
+
+        assert_eq!(one.0, [0u8; SCALAR_LENGTH]);
+    }
 }
diff --git a/src/signature.rs b/src/signature.rs
@@ -1,5 +1,6 @@
 #[cfg(feature = "cose")]
 pub use cosey::Ed25519PublicKey as CosePublicKey;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::{
     constants::{
@@ -14,6 +15,7 @@ use crate::{
 
 /// a secret key, consisting internally of the seed and
 /// its expansion into a scalar and a "nonce".
+#[derive(Zeroize, ZeroizeOnDrop)]
 pub struct SecretKey {
     #[allow(dead_code)]
     pub(crate) seed: [u8; SECRETKEY_SEED_LENGTH],
@@ -424,8 +426,8 @@ impl Signature {
 
 #[cfg(test)]
 mod tests {
-    use super::Keypair;
-    use crate::hash::Sha512;
+    use super::*;
+    use crate::{constants::SCALAR_LENGTH, hash::Sha512};
     use hex_literal::hex;
 
     #[test]
@@ -581,4 +583,21 @@ mod tests {
         assert_eq!(secret1.x(), secret2.x());
         assert_eq!(secret1.y(), secret2.y());
     }
+
+    #[test]
+    fn zeroize_on_drop() {
+        let mut secret = SecretKey::from(&[1u8; SECRETKEY_SEED_LENGTH]);
+
+        assert_ne!(secret.seed, [0u8; SECRETKEY_SEED_LENGTH]);
+        assert_ne!(secret.scalar.0, [0u8; SCALAR_LENGTH]);
+        assert_ne!(secret.nonce, [0u8; SECRETKEY_NONCE_LENGTH]);
+
+        unsafe {
+            core::ptr::drop_in_place(&mut secret);
+        }
+
+        assert_eq!(secret.seed, [0u8; SECRETKEY_SEED_LENGTH]);
+        assert_eq!(secret.scalar.0, [0u8; SCALAR_LENGTH]);
+        assert_eq!(secret.nonce, [0u8; SECRETKEY_NONCE_LENGTH]);
+    }
 }