zeroize remaining secret values (#428)
This commit is contained in:
parent
17c98d4412
commit
abc11227b9
|
@ -518,17 +518,20 @@ fn evaluate_vss<C: Ciphersuite>(
|
|||
/// When using a central dealer, [`SecretShare`]s are distributed to
|
||||
/// participants, who then perform verification, before deriving
|
||||
/// [`KeyPackage`]s, which they store to later use during signing.
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Getters)]
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Getters, Zeroize)]
|
||||
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
|
||||
#[cfg_attr(feature = "serde", serde(deny_unknown_fields))]
|
||||
pub struct KeyPackage<C: Ciphersuite> {
|
||||
/// Denotes the participant identifier each secret share key package is owned by.
|
||||
#[zeroize(skip)]
|
||||
pub(crate) identifier: Identifier<C>,
|
||||
/// This participant's secret share.
|
||||
pub(crate) secret_share: SigningShare<C>,
|
||||
/// This participant's public key.
|
||||
#[zeroize(skip)]
|
||||
pub(crate) public: VerifyingShare<C>,
|
||||
/// The public signing key that represents the entire group.
|
||||
#[zeroize(skip)]
|
||||
pub(crate) group_public: VerifyingKey<C>,
|
||||
/// Ciphersuite ID for serialization
|
||||
#[cfg_attr(
|
||||
|
|
|
@ -48,6 +48,7 @@ use super::{
|
|||
/// DKG Round 1 structures.
|
||||
pub mod round1 {
|
||||
use derive_getters::Getters;
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use super::*;
|
||||
|
||||
|
@ -127,11 +128,23 @@ pub mod round1 {
|
|||
.finish()
|
||||
}
|
||||
}
|
||||
|
||||
impl<C> Zeroize for SecretPackage<C>
|
||||
where
|
||||
C: Ciphersuite,
|
||||
{
|
||||
fn zeroize(&mut self) {
|
||||
for i in 0..self.coefficients.len() {
|
||||
self.coefficients[i] = <<C::Group as Group>::Field>::zero();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// DKG Round 2 structures.
|
||||
pub mod round2 {
|
||||
use derive_getters::Getters;
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use super::*;
|
||||
|
||||
|
@ -215,6 +228,15 @@ pub mod round2 {
|
|||
.finish()
|
||||
}
|
||||
}
|
||||
|
||||
impl<C> Zeroize for SecretPackage<C>
|
||||
where
|
||||
C: Ciphersuite,
|
||||
{
|
||||
fn zeroize(&mut self) {
|
||||
self.secret_share = <<C::Group as Group>::Field>::zero();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Performs the first part of the distributed key generation protocol
|
||||
|
|
Loading…
Reference in New Issue