Add zeroize support for remaining crates

Cargo.toml

@@ -26,3 +26,6 @@ members = [
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io]
+digest = { git = 'https://github.com/RustCrypto/traits' }

belt-hash/Cargo.toml

@@ -24,3 +24,8 @@ hex-literal = "0.4"
 default = ["oid", "std"]
 std = ["digest/std"]
 oid = ["digest/oid"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

belt-hash/src/lib.rs

@@ -24,6 +24,9 @@ use digest::{
     HashMarker, Output,
 };
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{ZeroizeOnDrop, Zeroize};
+
 const U32_MASK: u128 = (1 << 32) - 1;
 const H0: [u32; 8] = [
     0xC8BA94B1, 0x3BF5080A, 0x8E006D36, 0xE45D4A58, 0x9DFA0485, 0xACC7B61B, 0xC2722E25, 0x0DCEFD02,
@@ -37,6 +40,9 @@ pub struct BeltHashCore {
     h: [u32; 8],
 }
 
+/// BelT hasher state.
+pub type BeltHash = CoreWrapper<BeltHashCore>;
+
 impl BeltHashCore {
     fn compress_block(&mut self, block: &Block<Self>) {
         let x1 = [
@@ -134,8 +140,19 @@ impl AssociatedOid for BeltHashCore {
     const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.31.81");
 }
 
-/// BelT hasher state.
-pub type BeltHash = CoreWrapper<BeltHashCore>;
+impl Drop for BeltHashCore {
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        {
+            self.r.zeroize();
+            self.s.zeroize();
+            self.h.zeroize();
+        }
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl ZeroizeOnDrop for BeltHashCore {}
 
 /// Compression function described in the section 6.3.2
 #[inline(always)]

blake2/Cargo.toml

@@ -27,3 +27,7 @@ reset = [] # Enable reset functionality
 #simd_opt = ["simd"]
 #simd_asm = ["simd_opt"]
 size_opt = [] # Optimize for code size. Removes some `inline(always)`
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

fsb/Cargo.toml

@@ -23,3 +23,8 @@ hex-literal = "0.4"
 [features]
 default = ["std"]
 std = ["digest/std"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

fsb/src/lib.rs

@@ -27,6 +27,9 @@ use digest::{
     HashMarker, Output,
 };
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{ZeroizeOnDrop, Zeroize};
+
 // FSB-160
 fsb_impl!(
     Fsb160,

fsb/src/macros.rs

@@ -12,6 +12,9 @@ macro_rules! fsb_impl {
             state: [u8; $r / 8],
         }
 
+        #[doc=$full_doc]
+        pub type $full_state = CoreWrapper<$state>;
+
         impl HashMarker for $state {}
 
         impl BlockSizeUser for $state {
@@ -79,8 +82,18 @@ macro_rules! fsb_impl {
             }
         }
 
-        #[doc=$full_doc]
-        pub type $full_state = CoreWrapper<$state>;
+        impl Drop for $state {
+            fn drop(&mut self) {
+                #[cfg(feature = "zeroize")]
+                {
+                    self.state.zeroize();
+                    self.blocks_len.zeroize();
+                }
+            }
+        }
+
+        #[cfg(feature = "zeroize")]
+        impl ZeroizeOnDrop for $state {}
 
         impl $state {
             const SIZE_OUTPUT_COMPRESS: usize = $r / 8;

gost94/Cargo.toml

@@ -23,3 +23,8 @@ hex-literal = "0.4"
 default = ["oid", "std"]
 std = ["digest/std"]
 oid = ["digest/oid"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

gost94/src/gost94_core.rs

@@ -10,6 +10,9 @@ use digest::{
     HashMarker, Output,
 };
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{ZeroizeOnDrop, Zeroize};
+
 use crate::params::{Block, Gost94Params, SBox};
 
 const C: Block = [
@@ -273,3 +276,17 @@ impl<P: Gost94Params> fmt::Debug for Gost94Core<P> {
         f.write_str("Core { .. }")
     }
 }
+
+impl<P: Gost94Params> Drop for Gost94Core<P> {
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        {
+            self.h.zeroize();
+            self.n.zeroize();
+            self.sigma.zeroize();
+        }
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl<P: Gost94Params> ZeroizeOnDrop for Gost94Core<P> {}

groestl/Cargo.toml

@@ -22,3 +22,8 @@ hex-literal = "0.4"
 [features]
 default = ["std"]
 std = ["digest/std"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

groestl/src/lib.rs

@@ -21,6 +21,9 @@ use digest::{
     HashMarker, InvalidOutputSize, Output,
 };
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{ZeroizeOnDrop, Zeroize};
+
 mod compress1024;
 mod compress512;
 mod table;
@@ -32,6 +35,18 @@ pub struct GroestlShortVarCore {
     blocks_len: u64,
 }
 
+/// Short Groestl variant which allows to choose output size at runtime.
+pub type GroestlShortVar = RtVariableCoreWrapper<GroestlShortVarCore>;
+/// Core hasher state of the short Groestl variant generic over output size.
+pub type GroestlShortCore<OutSize> = CtVariableCoreWrapper<GroestlShortVarCore, OutSize>;
+/// Hasher state of the short Groestl variant generic over output size.
+pub type GroestlShort<OutSize> = CoreWrapper<GroestlShortCore<OutSize>>;
+
+/// Groestl-224 hasher state.
+pub type Groestl224 = CoreWrapper<GroestlShortCore<U28>>;
+/// Groestl-256 hasher state.
+pub type Groestl256 = CoreWrapper<GroestlShortCore<U32>>;
+
 impl HashMarker for GroestlShortVarCore {}
 
 impl BlockSizeUser for GroestlShortVarCore {
@@ -101,17 +116,18 @@ impl fmt::Debug for GroestlShortVarCore {
     }
 }
 
-/// Short Groestl variant which allows to choose output size at runtime.
-pub type GroestlShortVar = RtVariableCoreWrapper<GroestlShortVarCore>;
-/// Core hasher state of the short Groestl variant generic over output size.
-pub type GroestlShortCore<OutSize> = CtVariableCoreWrapper<GroestlShortVarCore, OutSize>;
-/// Hasher state of the short Groestl variant generic over output size.
-pub type GroestlShort<OutSize> = CoreWrapper<GroestlShortCore<OutSize>>;
+impl Drop for GroestlShortVarCore {
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        {
+            self.state.zeroize();
+            self.blocks_len.zeroize();
+        }
+    }
+}
 
-/// Groestl-224 hasher state.
-pub type Groestl224 = CoreWrapper<GroestlShortCore<U28>>;
-/// Groestl-256 hasher state.
-pub type Groestl256 = CoreWrapper<GroestlShortCore<U32>>;
+#[cfg(feature = "zeroize")]
+impl ZeroizeOnDrop for GroestlShortVarCore {}
 
 /// Lowest-level core hasher state of the long Groestl variant.
 #[derive(Clone)]
@@ -120,6 +136,18 @@ pub struct GroestlLongVarCore {
     blocks_len: u64,
 }
 
+/// Long Groestl variant which allows to choose output size at runtime.
+pub type GroestlLongVar = RtVariableCoreWrapper<GroestlLongVarCore>;
+/// Core hasher state of the long Groestl variant generic over output size.
+pub type GroestlLongCore<OutSize> = CtVariableCoreWrapper<GroestlLongVarCore, OutSize>;
+/// Hasher state of the long Groestl variant generic over output size.
+pub type GroestlLong<OutSize> = CoreWrapper<GroestlLongCore<OutSize>>;
+
+/// Groestl-384 hasher state.
+pub type Groestl384 = CoreWrapper<GroestlLongCore<U48>>;
+/// Groestl-512 hasher state.
+pub type Groestl512 = CoreWrapper<GroestlLongCore<U64>>;
+
 impl HashMarker for GroestlLongVarCore {}
 
 impl BlockSizeUser for GroestlLongVarCore {
@@ -189,14 +217,15 @@ impl fmt::Debug for GroestlLongVarCore {
     }
 }
 
-/// Long Groestl variant which allows to choose output size at runtime.
-pub type GroestlLongVar = RtVariableCoreWrapper<GroestlLongVarCore>;
-/// Core hasher state of the long Groestl variant generic over output size.
-pub type GroestlLongCore<OutSize> = CtVariableCoreWrapper<GroestlLongVarCore, OutSize>;
-/// Hasher state of the long Groestl variant generic over output size.
-pub type GroestlLong<OutSize> = CoreWrapper<GroestlLongCore<OutSize>>;
+impl Drop for GroestlLongVarCore {
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        {
+            self.state.zeroize();
+            self.blocks_len.zeroize();
+        }
+    }
+}
 
-/// Groestl-384 hasher state.
-pub type Groestl384 = CoreWrapper<GroestlLongCore<U48>>;
-/// Groestl-512 hasher state.
-pub type Groestl512 = CoreWrapper<GroestlLongCore<U64>>;
+#[cfg(feature = "zeroize")]
+impl ZeroizeOnDrop for GroestlLongVarCore {}

jh/src/lib.rs

@@ -34,6 +34,15 @@ pub struct JhCore {
     block_len: u64,
 }
 
+/// Jh-224 hasher state
+pub type Jh224 = CoreWrapper<CtVariableCoreWrapper<JhCore, U28>>;
+/// Jh-256 hasher state
+pub type Jh256 = CoreWrapper<CtVariableCoreWrapper<JhCore, U32>>;
+/// Jh-384 hasher state
+pub type Jh384 = CoreWrapper<CtVariableCoreWrapper<JhCore, U48>>;
+/// Jh-512 hasher state
+pub type Jh512 = CoreWrapper<CtVariableCoreWrapper<JhCore, U64>>;
+
 impl HashMarker for JhCore {}
 
 impl BlockSizeUser for JhCore {
@@ -104,12 +113,3 @@ impl fmt::Debug for JhCore {
         f.write_str("JhCore { ... }")
     }
 }
-
-/// Jh-224 hasher state
-pub type Jh224 = CoreWrapper<CtVariableCoreWrapper<JhCore, U28>>;
-/// Jh-256 hasher state
-pub type Jh256 = CoreWrapper<CtVariableCoreWrapper<JhCore, U32>>;
-/// Jh-384 hasher state
-pub type Jh384 = CoreWrapper<CtVariableCoreWrapper<JhCore, U48>>;
-/// Jh-512 hasher state
-pub type Jh512 = CoreWrapper<CtVariableCoreWrapper<JhCore, U64>>;

k12/Cargo.toml

@@ -23,3 +23,8 @@ hex-literal = "0.4"
 [features]
 default = ["std"]
 std = ["digest/std"]
+zeroize = ["digest/zeroize", "sha3/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]