-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zeroize Key and derived keys upon drop #81
Conversation
Codecov Report
@@ Coverage Diff @@
## master #81 +/- ##
=========================================
Coverage ? 54.21%
=========================================
Files ? 24
Lines ? 1671
Branches ? 0
=========================================
Hits ? 906
Misses ? 765
Partials ? 0
Continue to review full report at Codecov.
|
src/core/receive.rs
Outdated
@@ -104,8 +106,10 @@ impl ReceiveMachine { | |||
phase: &Phase, | |||
body: &[u8], | |||
) -> Option<Vec<u8>> { | |||
let data_key = key::derive_phase_key(&side, &key, &phase); | |||
key::decrypt_data(&data_key, body) | |||
let mut data_key = key::derive_phase_key(&side, &key, &phase); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use Zeroizing
to do zeroize-on-drop automatically:
let mut data_key = key::derive_phase_key(&side, &key, &phase); | |
let mut data_key = Zeroizing::new(key::derive_phase_key(&side, &key, &phase)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, could I change the signature of derive_phase_key
to do that automatically for everything it returns? It currently returns a Vec<u8>
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what would the new signature be? -> Zeroizing<Vec<u8>>
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, dumb question, what's the cleanest way to convert the unit test at line 280-ish, from assert_eq!(hex::encode(dk11), "abcabc..")
? That dk11
was a Vec<u8>
, now it's a Zeroizing<Vec<u8>>
. The compiler is complaining that std::convert::AsRef<[u8]>
is not implemented (hex::encode
is pub fn encode<T: AsRef<[u8]>>(data: T) -> String
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
huh, hex::decode(&*dk11)
worked, but surely that's silly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's doing deref coercion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, so not silly (or at least not too silly to use). thanks!
src/core/send.rs
Outdated
@@ -42,10 +43,11 @@ impl SendMachine { | |||
match event { | |||
GotVerifiedKey(ref key) => { | |||
for (phase, plaintext) in self.queue.drain(..) { | |||
let data_key = | |||
let mut data_key = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can use Zeroizing
here (and below) as well
refs #63
@tarcieri hey, am I using this right?