Zeroize full signingkey (#73)
* Zeroize full signingkey Includes Default and DefaultIsZeroes impl for VerificationKey. Resolves #72 * derive Zeroize for SigningKey
parent
e8e58e37a1
commit
79085903a0
10
Cargo.toml
10
Cargo.toml
|
@ -14,14 +14,14 @@ resolver = "2"
|
||||||
features = ["nightly"]
|
features = ["nightly"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
hex = { version = "0.4", default-features = false, features = ["alloc"] }
|
|
||||||
sha2 = { version = "0.10", default-features = false }
|
|
||||||
rand_core = "0.6"
|
|
||||||
# "digest" is exempt from SemVer, so we should always use a specific version
|
# "digest" is exempt from SemVer, so we should always use a specific version
|
||||||
curve25519-dalek = { version = "=4.0.0-pre.5", default-features = false, features = ["alloc", "digest"] }
|
curve25519-dalek = { version = "=4.0.0-pre.5", default-features = false, features = ["alloc", "digest"] }
|
||||||
serde = { version = "1", optional = true, features = ["derive"] }
|
|
||||||
zeroize = "1.5"
|
|
||||||
hashbrown = "0.12.0"
|
hashbrown = "0.12.0"
|
||||||
|
hex = { version = "0.4", default-features = false, features = ["alloc"] }
|
||||||
|
rand_core = "0.6"
|
||||||
|
serde = { version = "1", optional = true, features = ["derive"] }
|
||||||
|
sha2 = { version = "0.10", default-features = false }
|
||||||
|
zeroize = { version = "1.5", features = [ "zeroize_derive" ] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
rand = "0.8"
|
rand = "0.8"
|
||||||
|
|
|
@ -3,13 +3,14 @@ use core::convert::TryFrom;
|
||||||
use curve25519_dalek::{constants, digest::Update, scalar::Scalar};
|
use curve25519_dalek::{constants, digest::Update, scalar::Scalar};
|
||||||
use rand_core::{CryptoRng, RngCore};
|
use rand_core::{CryptoRng, RngCore};
|
||||||
use sha2::{Digest, Sha512};
|
use sha2::{Digest, Sha512};
|
||||||
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
use crate::{Error, Signature, VerificationKey, VerificationKeyBytes};
|
use crate::{Error, Signature, VerificationKey, VerificationKeyBytes};
|
||||||
|
|
||||||
/// An Ed25519 signing key.
|
/// An Ed25519 signing key.
|
||||||
///
|
///
|
||||||
/// This is also called a secret key by other implementations.
|
/// This is also called a secret key by other implementations.
|
||||||
#[derive(Copy, Clone)]
|
#[derive(Copy, Clone, Zeroize)]
|
||||||
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
|
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
|
||||||
#[cfg_attr(feature = "serde", serde(from = "SerdeHelper"))]
|
#[cfg_attr(feature = "serde", serde(from = "SerdeHelper"))]
|
||||||
#[cfg_attr(feature = "serde", serde(into = "SerdeHelper"))]
|
#[cfg_attr(feature = "serde", serde(into = "SerdeHelper"))]
|
||||||
|
@ -103,13 +104,6 @@ impl From<[u8; 32]> for SigningKey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl zeroize::Zeroize for SigningKey {
|
|
||||||
fn zeroize(&mut self) {
|
|
||||||
self.seed.zeroize();
|
|
||||||
self.s.zeroize()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
|
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
|
||||||
struct SerdeHelper([u8; 32]);
|
struct SerdeHelper([u8; 32]);
|
||||||
|
|
||||||
|
|
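Review bot: `#[derive(Copy, Clone, Zeroize)]` keeps `Copy` on `SigningKey`, so the derived `zeroize()` wipes only the instance it is called on. Every implicit copy made by passing the key by value keeps its own secret material, and since a `Copy` type cannot implement `Drop`, nothing is wiped when a key goes out of scope. The struct's field list is outside these hunks, so which fields the derive covers beyond the `seed` and `s` handled by the removed impl cannot be confirmed from here. At minimum the type's doc comment should state the limit, for example `/// Zeroizing clears only this value: SigningKey is Copy, so other copies keep the secret and nothing is wiped on drop.` Dropping `Copy` in favour of zeroize-on-drop would be a breaking API change and is better handled as its own change.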
|
@ -7,6 +7,7 @@ use curve25519_dalek::{
|
||||||
traits::IsIdentity,
|
traits::IsIdentity,
|
||||||
};
|
};
|
||||||
use sha2::Sha512;
|
use sha2::Sha512;
|
||||||
|
use zeroize::DefaultIsZeroes;
|
||||||
|
|
||||||
use crate::{Error, Signature};
|
use crate::{Error, Signature};
|
||||||
|
|
||||||
|
@ -112,6 +113,20 @@ impl AsRef<[u8]> for VerificationKey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl Default for VerificationKey {
|
||||||
|
fn default() -> VerificationKey {
|
||||||
|
let identity: EdwardsPoint = Default::default();
|
||||||
|
let identity_bytes = identity.compress().to_bytes();
|
||||||
|
|
||||||
|
VerificationKey {
|
||||||
|
A_bytes: VerificationKeyBytes::from(identity_bytes),
|
||||||
|
minus_A: -identity,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl DefaultIsZeroes for VerificationKey {}
|
||||||
|
|
||||||
impl From<VerificationKey> for [u8; 32] {
|
impl From<VerificationKey> for [u8; 32] {
|
||||||
fn from(vk: VerificationKey) -> [u8; 32] {
|
fn from(vk: VerificationKey) -> [u8; 32] {
|
||||||
vk.A_bytes.0
|
vk.A_bytes.0
|
||||||
|
|
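Review bot: The new public `impl Default for VerificationKey` returns the Edwards identity point, so `VerificationKey::default()`, and any `VerificationKey` after `zeroize()`, is a well-formed-looking key built on a small-order point rather than an obviously invalid value. Whether verification rejects such a key is not visible in this hunk; if it does not, a signature checked against a defaulted or zeroized key provides no authenticity, and callers should be told so. `DefaultIsZeroes` also does not produce all-zero bytes here (the compressed identity is not the zero string), which is harmless for a public key but deserves a comment. I would add `/// Returns the identity point. Exists only so SigningKey can derive Zeroize; never use the result to verify signatures.` above `fn default`, or implement `Zeroize` for `VerificationKey` directly so that no public `Default` is exposed.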