Zeroize full signingkey (#73)
* Zeroize full signingkey Includes Default and DefaultIsZeroes impl for VerificationKey. Resolves #72 * derive Zeroize for SigningKey
parent
e8e58e37a1
commit
79085903a0
10
Cargo.toml
10
Cargo.toml
|
@ -14,14 +14,14 @@ resolver = "2"
|
|||
features = ["nightly"]
|
||||
|
||||
[dependencies]
|
||||
hex = { version = "0.4", default-features = false, features = ["alloc"] }
|
||||
sha2 = { version = "0.10", default-features = false }
|
||||
rand_core = "0.6"
|
||||
# "digest" is exempt from SemVer, so we should always use a specific version
|
||||
curve25519-dalek = { version = "=4.0.0-pre.5", default-features = false, features = ["alloc", "digest"] }
|
||||
serde = { version = "1", optional = true, features = ["derive"] }
|
||||
zeroize = "1.5"
|
||||
hashbrown = "0.12.0"
|
||||
hex = { version = "0.4", default-features = false, features = ["alloc"] }
|
||||
rand_core = "0.6"
|
||||
serde = { version = "1", optional = true, features = ["derive"] }
|
||||
sha2 = { version = "0.10", default-features = false }
|
||||
zeroize = { version = "1.5", features = [ "zeroize_derive" ] }
|
||||
|
||||
[dev-dependencies]
|
||||
rand = "0.8"
|
||||
|
|
|
@ -3,13 +3,14 @@ use core::convert::TryFrom;
|
|||
use curve25519_dalek::{constants, digest::Update, scalar::Scalar};
|
||||
use rand_core::{CryptoRng, RngCore};
|
||||
use sha2::{Digest, Sha512};
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use crate::{Error, Signature, VerificationKey, VerificationKeyBytes};
|
||||
|
||||
/// An Ed25519 signing key.
|
||||
///
|
||||
/// This is also called a secret key by other implementations.
|
||||
#[derive(Copy, Clone)]
|
||||
#[derive(Copy, Clone, Zeroize)]
|
||||
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
|
||||
#[cfg_attr(feature = "serde", serde(from = "SerdeHelper"))]
|
||||
#[cfg_attr(feature = "serde", serde(into = "SerdeHelper"))]
|
||||
|
@ -103,13 +104,6 @@ impl From<[u8; 32]> for SigningKey {
|
|||
}
|
||||
}
|
||||
|
||||
impl zeroize::Zeroize for SigningKey {
|
||||
fn zeroize(&mut self) {
|
||||
self.seed.zeroize();
|
||||
self.s.zeroize()
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
|
||||
struct SerdeHelper([u8; 32]);
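Review bot: The derived `Zeroize` in `#[derive(Copy, Clone, Zeroize)]` only wipes a `SigningKey` when a caller explicitly invokes `zeroize()`, and because the type stays `Copy`, every implicit copy or by-value pass leaves another un-wiped copy of the key material. A `Copy` type cannot implement `Drop`, so wiping on drop is not available without giving up `Copy`. The struct's doc comment should at least state the contract, e.g. `/// Not wiped on drop; each copy is independent, so call zeroize() on every copy held.` `SerdeHelper([u8; 32])`, visible in the second hunk, presumably carries the seed during (de)serialization and, as far as this page shows, has no `Zeroize` impl; that is worth confirming. The struct body is outside both hunks, so which fields the derive now covers cannot be checked from here.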
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ use curve25519_dalek::{
|
|||
traits::IsIdentity,
|
||||
};
|
||||
use sha2::Sha512;
|
||||
use zeroize::DefaultIsZeroes;
|
||||
|
||||
use crate::{Error, Signature};
|
||||
|
||||
|
@ -112,6 +113,20 @@ impl AsRef<[u8]> for VerificationKey {
|
|||
}
|
||||
}
|
||||
|
||||
impl Default for VerificationKey {
|
||||
fn default() -> VerificationKey {
|
||||
let identity: EdwardsPoint = Default::default();
|
||||
let identity_bytes = identity.compress().to_bytes();
|
||||
|
||||
VerificationKey {
|
||||
A_bytes: VerificationKeyBytes::from(identity_bytes),
|
||||
minus_A: -identity,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl DefaultIsZeroes for VerificationKey {}
|
||||
|
||||
impl From<VerificationKey> for [u8; 32] {
|
||||
fn from(vk: VerificationKey) -> [u8; 32] {
|
||||
vk.A_bytes.0
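Review bot: The new public `impl Default for VerificationKey` lets any caller construct the identity point as a key through safe API, although it appears to exist only so that `DefaultIsZeroes` can reset the key during zeroization. The identity is a small-order point, and depending on the crate's validation rules (not visible here) a signature may verify under it without any secret, so a default-constructed key must never reach a verify call as a placeholder. Add a doc comment on the impl such as `/// Identity-point placeholder used only as the zeroized value; not a usable verification key.` The compressed identity encodes as 0x01 followed by zero bytes, so zeroizing here means resetting to the default rather than writing all-zero bytes. If wiping the public key is not a requirement, `#[zeroize(skip)]` on that field of `SigningKey` would avoid the public `Default` altogether.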
|
||||
|
|