From bd29bee6c429416b9ff5c42542c90dbf98a03bbe Mon Sep 17 00:00:00 2001 From: Aaron Feickert <66188213+AaronFeickert@users.noreply.github.com> Date: Tue, 14 Mar 2023 13:32:36 -0500 Subject: [PATCH] Require secret keys to be zeroized on drop --- src/keys.rs | 6 ++++-- src/ristretto/ristretto_keys.rs | 5 ++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/keys.rs b/src/keys.rs index dda97830..b6de166d 100644 --- a/src/keys.rs +++ b/src/keys.rs @@ -11,7 +11,7 @@ use std::ops::Add; use rand::{CryptoRng, Rng}; use serde::{de::DeserializeOwned, ser::Serialize}; use tari_utilities::ByteArray; -use zeroize::Zeroize; +use zeroize::{Zeroize, ZeroizeOnDrop}; /// A trait specifying common behaviour for representing `SecretKey`s. Specific elliptic curve /// implementations need to implement this trait for them to be used in Tari. @@ -27,7 +27,9 @@ use zeroize::Zeroize; /// let k = RistrettoSecretKey::random(&mut rng); /// let p = RistrettoPublicKey::from_secret_key(&k); /// ``` -pub trait SecretKey: ByteArray + Clone + PartialEq + Eq + Add + Default + Zeroize { +pub trait SecretKey: + ByteArray + Clone + PartialEq + Eq + Add + Default + Zeroize + ZeroizeOnDrop +{ /// The length of the key, in bytes fn key_length() -> usize; /// Generates a random secret key diff --git a/src/ristretto/ristretto_keys.rs b/src/ristretto/ristretto_keys.rs index ae73f214..cde51ded 100644 --- a/src/ristretto/ristretto_keys.rs +++ b/src/ristretto/ristretto_keys.rs @@ -23,7 +23,7 @@ use digest::Digest; use once_cell::sync::OnceCell; use rand::{CryptoRng, Rng}; use tari_utilities::{hex::Hex, ByteArray, ByteArrayError, Hashable}; -use zeroize::Zeroize; +use zeroize::{Zeroize, ZeroizeOnDrop}; use crate::{ errors::HashingError, @@ -52,8 +52,7 @@ use crate::{ /// let _k2 = RistrettoSecretKey::from_hex(&"100000002000000030000000040000000"); /// let _k3 = RistrettoSecretKey::random(&mut rng); /// ``` -#[derive(Eq, Clone, Default, Zeroize)] -#[zeroize(drop)] +#[derive(Eq, Clone, Default, Zeroize, ZeroizeOnDrop)] pub struct RistrettoSecretKey(pub(crate) Scalar); #[cfg(feature = "borsh")]