Implement Zeroize

Introduce new dependency `zeroize`. Implement `Zeroize` for our array
types with the `impl_array_newtype` macro. Add a unit test that test a
newly create `SecretKey` is zeroized after calling `zeroize()` on it.

Author: tcharding

Cargo.toml

@@ -31,7 +31,7 @@ secp256k1-sys = { version = "0.3.1", default-features = false, path = "./secp256
 bitcoin_hashes = { version = "0.9", optional = true }
 rand = { version = "0.6", default-features = false, optional = true }
 serde = { version = "1.0", default-features = false, optional = true }
-
+zeroize = { version = "1.2", default-features = false, optional = true }
 
 [dev-dependencies]
 rand = "0.6"

secp256k1-sys/src/macros.rs

@@ -83,6 +83,14 @@ macro_rules! impl_array_newtype {
             }
         }
 
+        #[cfg(feature = "zeroize")]
+        impl zeroize::Zeroize for $thing {
+            fn zeroize(&mut self) {
+                let &mut $thing(ref mut dat) = self;
+                dat.zeroize()
+            }
+        }
+
         impl ::core::ops::Index<usize> for $thing {
             type Output = $ty;
 

src/key.rs

@@ -850,4 +850,20 @@ mod test {
         assert_tokens(&pk.compact(), &[Token::BorrowedBytes(&PK_BYTES[..])]);
         assert_tokens(&pk.readable(), &[Token::BorrowedStr(PK_STR)]);
     }
+
+    #[cfg(feature = "zeroize")]
+    #[test]
+    fn zeroize_secret_key() {
+        use zeroize::Zeroize;
+
+        let mut sk = SecretKey::new(&mut thread_rng());
+        sk.zeroize();
+
+        let ptr = &sk.0[0];
+
+        for _ in 0..32 {
+            assert_eq!(*ptr, 0x00);
+        }
+    }
 }
+

src/lib.rs

@@ -135,6 +135,7 @@ pub use secp256k1_sys as ffi;
 #[cfg(any(test, feature = "rand"))] use rand::Rng;
 #[cfg(any(test, feature = "std"))] extern crate core;
 #[cfg(all(test, target_arch = "wasm32"))] extern crate wasm_bindgen_test;
+#[cfg(feature = "zeroize")] extern crate zeroize;
 
 use core::{fmt, ptr, str};