Zeroize full signingkey (#73)

* Zeroize full signingkey

Includes Default and DefaultIsZeroes impl for VerificationKey.

Resolves #72

* derive Zeroize for SigningKey
Deirdre Connolly 2023-03-15 10:04:32 -04:00 committed by GitHub
parent e8e58e37a1
commit 79085903a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 13 deletions


@ -14,14 +14,14 @@ resolver = "2"
features = ["nightly"]
[dependencies]
hex = { version = "0.4", default-features = false, features = ["alloc"] }
sha2 = { version = "0.10", default-features = false }
rand_core = "0.6"
# "digest" is exempt from SemVer, so we should always use a specific version
curve25519-dalek = { version = "=4.0.0-pre.5", default-features = false, features = ["alloc", "digest"] }
serde = { version = "1", optional = true, features = ["derive"] }
zeroize = "1.5"
hashbrown = "0.12.0"
hex = { version = "0.4", default-features = false, features = ["alloc"] }
rand_core = "0.6"
serde = { version = "1", optional = true, features = ["derive"] }
sha2 = { version = "0.10", default-features = false }
zeroize = { version = "1.5", features = [ "zeroize_derive" ] }
[dev-dependencies]
rand = "0.8"


@ -3,13 +3,14 @@ use core::convert::TryFrom;
use curve25519_dalek::{constants, digest::Update, scalar::Scalar};
use rand_core::{CryptoRng, RngCore};
use sha2::{Digest, Sha512};
use zeroize::Zeroize;
use crate::{Error, Signature, VerificationKey, VerificationKeyBytes};
/// An Ed25519 signing key.
///
/// This is also called a secret key by other implementations.
#[derive(Copy, Clone)]
#[derive(Copy, Clone, Zeroize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[cfg_attr(feature = "serde", serde(from = "SerdeHelper"))]
#[cfg_attr(feature = "serde", serde(into = "SerdeHelper"))]
@ -103,13 +104,6 @@ impl From<[u8; 32]> for SigningKey {
}
}
impl zeroize::Zeroize for SigningKey {
fn zeroize(&mut self) {
self.seed.zeroize();
self.s.zeroize()
}
}
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
struct SerdeHelper([u8; 32]);
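Review bot: The derived `Zeroize` on `SigningKey` sits beside `Copy` in the same derive line, and nothing here documents that `zeroize()` clears only the instance it is called on. Every by-value use of a `Copy` key leaves another copy of the seed and scalar in memory that is never wiped, and a `Copy` type cannot implement `Drop`, so there is no zeroize-on-drop to fall back on. I would extend the struct's doc comment with `/// Zeroizing clears only this instance; the type is Copy, so callers must wipe every copy they hold and nothing is cleared on drop.` The struct body lies outside the hunk, so which fields the derive now covers beyond `seed` and `s` cannot be confirmed from here.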


@ -7,6 +7,7 @@ use curve25519_dalek::{
traits::IsIdentity,
};
use sha2::Sha512;
use zeroize::DefaultIsZeroes;
use crate::{Error, Signature};
@ -112,6 +113,20 @@ impl AsRef<[u8]> for VerificationKey {
}
}
impl Default for VerificationKey {
fn default() -> VerificationKey {
let identity: EdwardsPoint = Default::default();
let identity_bytes = identity.compress().to_bytes();
VerificationKey {
A_bytes: VerificationKeyBytes::from(identity_bytes),
minus_A: -identity,
}
}
}
impl DefaultIsZeroes for VerificationKey {}
impl From<VerificationKey> for [u8; 32] {
fn from(vk: VerificationKey) -> [u8; 32] {
vk.A_bytes.0
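Review bot: `impl Default for VerificationKey` is a public impl that returns the identity point, and it carries no doc comment saying the value exists only as the zeroization target. The identity is a small-order point, so if the verification path accepts small-order keys (not visible in this hunk), a key that was defaulted by accident or zeroized and then reused would accept signatures that no secret-key holder produced. I would add `/// Returns the identity point; this is the zeroized state only and must never be used to verify signatures.` above `fn default()`, or implement `Zeroize` for `VerificationKey` directly so that no public `Default` is needed. A short comment on `impl DefaultIsZeroes` would also help, since the wiped value is the identity encoding and not all-zero bytes.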