Skip to content

Add feature zeroize #262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Add feature zeroize #262

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ secp256k1-sys = { version = "0.4.0", default-features = false, path = "./secp256
bitcoin_hashes = { version = "0.9", optional = true }
rand = { version = "0.6", default-features = false, optional = true }
serde = { version = "1.0", default-features = false, optional = true }

zeroize = { version = "1.2", default-features = false, optional = true }

[dev-dependencies]
rand = "0.6"
Expand Down
14 changes: 14 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,20 @@ before_script:
fi
```

## Zeroize

Zeroizing secrets is supported using the `zeroize` feature. Enabling this
feature changes the MSRV to 1.44 (see https://docs.rs/zeroize/1.2.0/zeroize/).

The aim of the `zeroize` feature is to allow users of this library to reduce the
number of copies of secrets in memory (by wrapping our types, implementing
`Zeroize` and implementing `Drop` (i.e. derive `Zeroize`). Our aim is not to
guarantee that there are no copies left un-zeroed in memory. Internally we
absolutely do leave secrets on the stack.

> I think even zeroing some out the copies is better than none, because every
> copy makes a Heartbleed-like attack a little easier.

## Fuzzing

If you want to fuzz this library, or any library which depends on it, you will
Expand Down
8 changes: 8 additions & 0 deletions secp256k1-sys/src/macros.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,14 @@ macro_rules! impl_array_newtype {
}
}

#[cfg(feature = "zeroize")]
impl zeroize::Zeroize for $thing {
fn zeroize(&mut self) {
let &mut $thing(ref mut dat) = self;
dat.zeroize()
}
}

impl ::core::ops::Index<usize> for $thing {
type Output = $ty;

Expand Down
16 changes: 16 additions & 0 deletions src/key.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -850,4 +850,20 @@ mod test {
assert_tokens(&pk.compact(), &[Token::BorrowedBytes(&PK_BYTES[..])]);
assert_tokens(&pk.readable(), &[Token::BorrowedStr(PK_STR)]);
}

#[cfg(feature = "zeroize")]
#[test]
fn zeroize_secret_key() {
use zeroize::Zeroize;

let mut sk = SecretKey::new(&mut thread_rng());
sk.zeroize();

let ptr = &sk.0[0];

for _ in 0..32 {
assert_eq!(*ptr, 0x00);
}
}
}

1 change: 1 addition & 0 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,7 @@ pub use secp256k1_sys as ffi;
#[cfg(any(test, feature = "rand"))] use rand::Rng;
#[cfg(any(test, feature = "std"))] extern crate core;
#[cfg(all(test, target_arch = "wasm32"))] extern crate wasm_bindgen_test;
#[cfg(feature = "zeroize")] extern crate zeroize;

use core::{fmt, ptr, str};

Expand Down