Make structs with secret data not Copy
Rust doesn't support destructors on structures with the Copy trait.

Introduce another breaking change as a workaround.

No functional changes. It's just going to break existing code using
one way to copy stuff (*) instead of the other way (.clone())
jedisct1 committed Oct 11, 2022
1 parent f1408d0 commit 0f249f3
Showing 3 changed files with 25 additions and 22 deletions.
4 changes: 2 additions & 2 deletions src/common.rs
@@ -1,9 +1,9 @@
use super::error::Error;

use core::ops::{Deref, DerefMut};
use core::ptr;
use core::sync::atomic;

use super::error::Error;

/// A seed, which a key pair can be derived from.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
pub struct Seed([u8; Seed::BYTES]);
25 changes: 14 additions & 11 deletions src/ed25519.rs
Expand Up @@ -45,7 +45,7 @@ impl Deref for PublicKey {
}

/// A secret key.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct SecretKey([u8; SecretKey::BYTES]);

impl SecretKey {
Expand Down Expand Up @@ -78,9 +78,10 @@ impl SecretKey {
pub fn seed(&self) -> Seed {
Seed::from_slice(&self[0..Seed::BYTES]).unwrap()
}
}

/// Tentatively overwrite the secret key with zeros.
pub fn wipe(self) {
impl Drop for SecretKey {
fn drop(&mut self) {
Mem::wipe(self.0)
}
}
Expand All @@ -102,7 +103,7 @@ impl DerefMut for SecretKey {
}

/// A key pair.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct KeyPair {
/// Public key part of the key pair.
pub pk: PublicKey,
Expand Down Expand Up @@ -429,7 +430,7 @@ fn test_ed25519() {
mod blind_keys {
use super::*;

#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct Blind([u8; Blind::BYTES]);

impl From<[u8; 32]> for Blind {
Expand All @@ -456,9 +457,10 @@ mod blind_keys {
blind_.copy_from_slice(blind);
Ok(Blind::new(blind_))
}
}

/// Tentatively overwrite the blind with zeros.
pub fn wipe(self) {
impl Drop for Blind {
fn drop(&mut self) {
Mem::wipe(self.0)
}
}
Expand Down Expand Up @@ -566,14 +568,14 @@ mod blind_keys {
}

/// A blind secret key.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct BlindSecretKey {
pub prefix: [u8; 2 * Seed::BYTES],
pub blind_scalar: [u8; 32],
pub blind_pk: BlindPublicKey,
}

#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct BlindKeyPair {
/// Public key part of the blind key pair.
pub blind_pk: BlindPublicKey,
Expand Down Expand Up @@ -625,9 +627,10 @@ mod blind_keys {
}
signature
}
}

/// Tentatively overwrite the blind secret key with zeros.
pub fn wipe(self) {
impl Drop for BlindSecretKey {
fn drop(&mut self) {
Mem::wipe(self.prefix);
Mem::wipe(self.blind_scalar);
}
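Review bot: In the new `Drop for SecretKey`, `Mem::wipe(self.0)` passes the array field by value, and because `[u8; N]` is `Copy` the callee receives a temporary copy, so the bytes held by the value being dropped are most likely left as they were. The same call shape appears in `Drop for Blind`, in `Drop for BlindSecretKey` (`self.prefix` and `self.blind_scalar`), and in both `Drop` impls in src/x25519.rs. `Mem::wipe` itself is not shown on this page, so its signature needs confirming; if it accepts a mutable borrow, `Mem::wipe(&mut self.0)` zeroes the storage in place. The removed `wipe(self)` methods had the same by-value shape, so this predates the commit, but `Drop` is now the only wipe path and callers can no longer tell whether it ran on the real buffer.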
18 changes: 9 additions & 9 deletions src/x25519.rs
Expand Up @@ -9,7 +9,7 @@ const POINT_BYTES: usize = 32;
/// Non-uniform output of a scalar multiplication.
/// This represents a point on the curve, and should not be used directly as a
/// cipher key.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct DHOutput([u8; DHOutput::BYTES]);

impl DHOutput {
Expand Down Expand Up @@ -46,9 +46,8 @@ impl From<DHOutput> for SecretKey {
}
}

impl DHOutput {
/// Tentatively overwrite the output with zeros.
pub fn wipe(self) {
impl Drop for DHOutput {
fn drop(&mut self) {
Mem::wipe(self.0)
}
}
Expand Down Expand Up @@ -155,7 +154,7 @@ impl Deref for PublicKey {
}

/// A secret key.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct SecretKey([u8; SecretKey::BYTES]);

impl SecretKey {
Expand All @@ -179,7 +178,7 @@ impl SecretKey {

/// Perform the X25519 clamping magic
pub fn clamped(&self) -> SecretKey {
let mut clamped = *self;
let mut clamped = self.clone();
clamped[0] &= 248;
clamped[31] &= 63;
clamped[31] |= 64;
Expand All @@ -191,9 +190,10 @@ impl SecretKey {
let sk = self.clamped();
Ok(PublicKey(PublicKey::base_point().ladder(&sk.0, 255)?))
}
}

/// Tentatively overwrite the secret key with zeros.
pub fn wipe(&mut self) {
impl Drop for SecretKey {
fn drop(&mut self) {
Mem::wipe(self.0)
}
}
Expand All @@ -215,7 +215,7 @@ impl DerefMut for SecretKey {
}

/// A key pair.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
#[derive(Clone, Debug, Eq, PartialEq, Hash)]
pub struct KeyPair {
/// Public key part of the key pair.
pub pk: PublicKey,
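Review bot: The derive list kept on `DHOutput` and `SecretKey`, `#[derive(Clone, Debug, Eq, PartialEq, Hash)]`, still lets `{:?}` print the raw secret bytes and still compares them with the derived `==`, which is not guaranteed to run in constant time. Now that these types are wiped on drop and can no longer be copied implicitly, those two derives are the remaining easy ways for key material to leak. A hand-written `impl fmt::Debug` that prints a fixed placeholder such as `SecretKey(<redacted>)` would keep keys out of logs and panic messages, and equality could go through a comparison that does not stop at the first differing byte. The secret types in src/ed25519.rs (`SecretKey`, `Blind`, `BlindSecretKey`) carry the same derive list.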
