From 65aedea00f39dc55f856ea146356ec7e89ddf358 Mon Sep 17 00:00:00 2001 From: Tom Leavy Date: Wed, 1 Oct 2025 15:21:07 -0400 Subject: [PATCH] remove Debug implementation for secret values --- mls-rs-core/src/crypto.rs | 13 ++------- mls-rs-core/src/group/group_state.rs | 6 +--- mls-rs-core/src/psk.rs | 4 +-- mls-rs-core/src/secret.rs | 2 +- mls-rs-crypto-hpke/src/context.rs | 8 ------ mls-rs-crypto-openssl/src/ec.rs | 1 - mls-rs-crypto-rustcrypto/src/ec.rs | 1 - mls-rs-crypto-traits/src/kem.rs | 10 ++++++- mls-rs/src/client_builder.rs | 9 ++++-- mls-rs/src/external_client/builder.rs | 7 ++++- .../ciphertext_processor/sender_data_key.rs | 6 +--- mls-rs/src/group/epoch.rs | 4 +-- mls-rs/src/group/key_schedule.rs | 28 ++----------------- mls-rs/src/group/proposal.rs | 7 +---- mls-rs/src/group/secret_tree.rs | 6 +--- mls-rs/src/psk/secret.rs | 7 ++--- mls-rs/src/tree_kem/path_secret.rs | 4 +-- 17 files changed, 39 insertions(+), 84 deletions(-) diff --git a/mls-rs-core/src/crypto.rs b/mls-rs-core/src/crypto.rs index 7ee9d61b1..b9ee0813e 100644 --- a/mls-rs-core/src/crypto.rs +++ b/mls-rs-core/src/crypto.rs @@ -37,10 +37,7 @@ pub struct HpkeCiphertext { impl Debug for HpkeCiphertext { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("HpkeCiphertext") - .field("kem_output", &crate::debug::pretty_bytes(&self.kem_output)) - .field("ciphertext", &crate::debug::pretty_bytes(&self.ciphertext)) - .finish() + f.debug_struct("HpkeCiphertext").finish() } } @@ -109,9 +106,7 @@ pub struct HpkeSecretKey( impl Debug for HpkeSecretKey { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - crate::debug::pretty_bytes(&self.0) - .named("HpkeSecretKey") - .fmt(f) + f.debug_struct("HpkeSecretKey").finish() } } @@ -254,9 +249,7 @@ pub struct SignatureSecretKey { impl Debug for SignatureSecretKey { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - crate::debug::pretty_bytes(&self.bytes) - .named("SignatureSecretKey") - .fmt(f) + f.debug_struct("SignatureSecretKey").finish() } } diff --git a/mls-rs-core/src/group/group_state.rs b/mls-rs-core/src/group/group_state.rs index 659901c0f..3deca8d0f 100644 --- a/mls-rs-core/src/group/group_state.rs +++ b/mls-rs-core/src/group/group_state.rs @@ -21,7 +21,6 @@ impl Debug for GroupState { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("GroupState") .field("id", &crate::debug::pretty_bytes(&self.id)) - .field("data", &crate::debug::pretty_bytes(&self.data)) .finish() } } @@ -36,10 +35,7 @@ pub struct EpochRecord { impl Debug for EpochRecord { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("EpochRecord") - .field("id", &self.id) - .field("data", &crate::debug::pretty_bytes(&self.data)) - .finish() + f.debug_struct("EpochRecord").field("id", &self.id).finish() } } diff --git a/mls-rs-core/src/psk.rs b/mls-rs-core/src/psk.rs index 99529bdca..348fa89e4 100644 --- a/mls-rs-core/src/psk.rs +++ b/mls-rs-core/src/psk.rs @@ -24,9 +24,7 @@ pub struct PreSharedKey( impl Debug for PreSharedKey { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - crate::debug::pretty_bytes(&self.0) - .named("PreSharedKey") - .fmt(f) + f.debug_struct("PreSharedKey").finish() } } diff --git a/mls-rs-core/src/secret.rs b/mls-rs-core/src/secret.rs index f84801ce4..fd6eb3bca 100644 --- a/mls-rs-core/src/secret.rs +++ b/mls-rs-core/src/secret.rs @@ -19,7 +19,7 @@ pub struct Secret(Zeroizing>); impl Debug for Secret { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - crate::debug::pretty_bytes(&self.0).named("Secret").fmt(f) + f.debug_struct("Secret").finish() } } diff --git a/mls-rs-crypto-hpke/src/context.rs b/mls-rs-crypto-hpke/src/context.rs index da2ab2662..badd491dc 100644 --- a/mls-rs-crypto-hpke/src/context.rs +++ b/mls-rs-crypto-hpke/src/context.rs @@ -24,10 +24,6 @@ pub(super) struct Context { impl Debug for Context { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("Context") - .field( - "exporter_secret", - &mls_rs_core::debug::pretty_bytes(&self.exporter_secret), - ) .field("encryption_context", &self.encryption_context) .field("kdf", &self.kdf) .finish() @@ -153,10 +149,6 @@ impl Debug for EncryptionContext { ) .field("seq_number", &self.seq_number) .field("aead", &self.aead) - .field( - "aead_key", - &mls_rs_core::debug::pretty_bytes(&self.aead_key), - ) .finish() } } diff --git a/mls-rs-crypto-openssl/src/ec.rs b/mls-rs-crypto-openssl/src/ec.rs index fa08003c6..a1de00374 100644 --- a/mls-rs-crypto-openssl/src/ec.rs +++ b/mls-rs-crypto-openssl/src/ec.rs @@ -57,7 +57,6 @@ impl Debug for KeyPair { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("KeyPair") .field("public", &mls_rs_core::debug::pretty_bytes(&self.public)) - .field("secret", &mls_rs_core::debug::pretty_bytes(&self.secret)) .finish() } } diff --git a/mls-rs-crypto-rustcrypto/src/ec.rs b/mls-rs-crypto-rustcrypto/src/ec.rs index ea2e62f83..2270d9603 100644 --- a/mls-rs-crypto-rustcrypto/src/ec.rs +++ b/mls-rs-crypto-rustcrypto/src/ec.rs @@ -332,7 +332,6 @@ impl Debug for KeyPair { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("KeyPair") .field("public", &mls_rs_core::debug::pretty_bytes(&self.public)) - .field("secret", &mls_rs_core::debug::pretty_bytes(&self.secret)) .finish() } } diff --git a/mls-rs-crypto-traits/src/kem.rs b/mls-rs-crypto-traits/src/kem.rs index 32c7de947..a555e5aa8 100644 --- a/mls-rs-crypto-traits/src/kem.rs +++ b/mls-rs-crypto-traits/src/kem.rs @@ -2,6 +2,8 @@ // Copyright by contributors to this project. // SPDX-License-Identifier: (Apache-2.0 OR MIT) +use core::fmt::Debug; + use mls_rs_core::{ crypto::{CipherSuite, HpkePublicKey, HpkeSecretKey}, error::IntoAnyError, @@ -49,13 +51,19 @@ pub trait KemType: Send + Sync + Sized { } /// Struct to represent the output of the kem [encap](KemType::encap) function -#[derive(Clone, Debug, MlsDecode, MlsEncode, MlsSize, ZeroizeOnDrop)] +#[derive(Clone, MlsDecode, MlsEncode, MlsSize, ZeroizeOnDrop)] pub struct KemResult { pub shared_secret: Vec, #[zeroize(skip)] pub enc: Vec, } +impl Debug for KemResult { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.debug_struct("KemResult").finish() + } +} + impl KemResult { pub fn new(shared_secret: Vec, enc: Vec) -> Self { Self { shared_secret, enc } diff --git a/mls-rs/src/client_builder.rs b/mls-rs/src/client_builder.rs index 09ee41726..9a8184c85 100644 --- a/mls-rs/src/client_builder.rs +++ b/mls-rs/src/client_builder.rs @@ -28,7 +28,7 @@ use crate::{ }; use alloc::vec::Vec; -use core::time::Duration; +use core::{fmt::Debug, time::Duration}; #[cfg(feature = "sqlite")] use mls_rs_provider_sqlite::{ @@ -173,9 +173,14 @@ pub type BaseSqlConfig = Config< /// } /// /// ``` -#[derive(Debug)] pub struct ClientBuilder(C); +impl Debug for ClientBuilder { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.debug_tuple("ClientBuilder").finish() + } +} + impl Default for ClientBuilder { fn default() -> Self { Self::new() diff --git a/mls-rs/src/external_client/builder.rs b/mls-rs/src/external_client/builder.rs index 9e0677aaf..3f481f6b9 100644 --- a/mls-rs/src/external_client/builder.rs +++ b/mls-rs/src/external_client/builder.rs @@ -94,9 +94,14 @@ pub type ExternalBaseConfig = Config; /// } /// /// ``` -#[derive(Debug)] pub struct ExternalClientBuilder(C); +impl Debug for ExternalClientBuilder { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.debug_tuple("ExternalClientBuilder").finish() + } +} + impl Default for ExternalClientBuilder { fn default() -> Self { Self::new() diff --git a/mls-rs/src/group/ciphertext_processor/sender_data_key.rs b/mls-rs/src/group/ciphertext_processor/sender_data_key.rs index 005974d18..a15d4d236 100644 --- a/mls-rs/src/group/ciphertext_processor/sender_data_key.rs +++ b/mls-rs/src/group/ciphertext_processor/sender_data_key.rs @@ -53,11 +53,7 @@ pub(crate) struct SenderDataKey<'a, CP: CipherSuiteProvider> { impl Debug for SenderDataKey<'_, CP> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("SenderDataKey") - .field("key", &mls_rs_core::debug::pretty_bytes(&self.key)) - .field("nonce", &mls_rs_core::debug::pretty_bytes(&self.nonce)) - .field("cipher_suite_provider", self.cipher_suite_provider) - .finish() + f.debug_struct("SenderDataKey").finish() } } diff --git a/mls-rs/src/group/epoch.rs b/mls-rs/src/group/epoch.rs index 186379ee2..0109ff20f 100644 --- a/mls-rs/src/group/epoch.rs +++ b/mls-rs/src/group/epoch.rs @@ -88,9 +88,7 @@ pub(crate) struct SenderDataSecret( impl Debug for SenderDataSecret { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - mls_rs_core::debug::pretty_bytes(&self.0) - .named("SenderDataSecret") - .fmt(f) + f.debug_struct("SenderDataSecret").finish() } } diff --git a/mls-rs/src/group/key_schedule.rs b/mls-rs/src/group/key_schedule.rs index 73f39f24a..8d22180da 100644 --- a/mls-rs/src/group/key_schedule.rs +++ b/mls-rs/src/group/key_schedule.rs @@ -46,25 +46,7 @@ pub struct KeySchedule { impl Debug for KeySchedule { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("KeySchedule") - .field( - "exporter_secret", - &mls_rs_core::debug::pretty_bytes(&self.exporter_secret), - ) - .field( - "authentication_secret", - &mls_rs_core::debug::pretty_bytes(&self.authentication_secret), - ) - .field( - "external_secret", - &mls_rs_core::debug::pretty_bytes(&self.external_secret), - ) - .field( - "membership_key", - &mls_rs_core::debug::pretty_bytes(&self.membership_key), - ) - .field("init_secret", &self.init_secret) - .finish() + f.debug_struct("KeySchedule").finish() } } @@ -341,9 +323,7 @@ pub(crate) struct JoinerSecret(#[mls_codec(with = "mls_rs_codec::byte_vec")] Zer impl Debug for JoinerSecret { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - mls_rs_core::debug::pretty_bytes(&self.0) - .named("JoinerSecret") - .fmt(f) + f.debug_struct("JoinerSecret").finish() } } @@ -399,9 +379,7 @@ pub struct InitSecret( impl Debug for InitSecret { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - mls_rs_core::debug::pretty_bytes(&self.0) - .named("InitSecret") - .fmt(f) + f.debug_struct("InitSecret").finish() } } diff --git a/mls-rs/src/group/proposal.rs b/mls-rs/src/group/proposal.rs index bd28b5590..08fa255a4 100644 --- a/mls-rs/src/group/proposal.rs +++ b/mls-rs/src/group/proposal.rs @@ -231,12 +231,7 @@ pub struct ExternalInit { impl Debug for ExternalInit { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("ExternalInit") - .field( - "kem_output", - &mls_rs_core::debug::pretty_bytes(&self.kem_output), - ) - .finish() + f.debug_struct("ExternalInit").finish() } } diff --git a/mls-rs/src/group/secret_tree.rs b/mls-rs/src/group/secret_tree.rs index 479db2259..9c113837e 100644 --- a/mls-rs/src/group/secret_tree.rs +++ b/mls-rs/src/group/secret_tree.rs @@ -47,9 +47,7 @@ struct TreeSecret( impl Debug for TreeSecret { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - mls_rs_core::debug::pretty_bytes(&self.0) - .named("TreeSecret") - .fmt(f) + f.debug_struct("TreeSecret").finish() } } @@ -334,8 +332,6 @@ pub struct MessageKeyData { impl Debug for MessageKeyData { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("MessageKeyData") - .field("nonce", &mls_rs_core::debug::pretty_bytes(&self.nonce)) - .field("key", &mls_rs_core::debug::pretty_bytes(&self.key)) .field("generation", &self.generation) .finish() } diff --git a/mls-rs/src/psk/secret.rs b/mls-rs/src/psk/secret.rs index 4fe9cc83d..80dbf0956 100644 --- a/mls-rs/src/psk/secret.rs +++ b/mls-rs/src/psk/secret.rs @@ -36,9 +36,7 @@ pub(crate) struct PskSecret(Zeroizing>); impl Debug for PskSecret { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - mls_rs_core::debug::pretty_bytes(&self.0) - .named("PskSecret") - .fmt(f) + f.debug_struct("PskSecret").finish() } } @@ -112,6 +110,7 @@ impl PskSecret { #[cfg(test)] mod tests { use alloc::vec::Vec; + use core::fmt::Debug; #[cfg(not(mls_build_async))] use core::iter; use serde::{Deserialize, Serialize}; @@ -131,7 +130,7 @@ mod tests { use super::{PskSecret, PskSecretInput}; - #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)] + #[derive(Debug, Clone, Deserialize, PartialEq, Serialize)] struct PskInfo { #[serde(with = "hex::serde")] id: Vec, diff --git a/mls-rs/src/tree_kem/path_secret.rs b/mls-rs/src/tree_kem/path_secret.rs index 1bf530142..a90b07ac7 100644 --- a/mls-rs/src/tree_kem/path_secret.rs +++ b/mls-rs/src/tree_kem/path_secret.rs @@ -27,9 +27,7 @@ pub struct PathSecret( impl Debug for PathSecret { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - mls_rs_core::debug::pretty_bytes(&self.0) - .named("PathSecret") - .fmt(f) + f.debug_struct("PathSecret").finish() } }