Avoid cloning secret keys during generation

spruceid · Feb 21, 2022 · 3b38aaa · 3b38aaa
1 parent 6a33a85
commit 3b38aaa
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 12 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -72,8 +72,8 @@ keccak-hash = { version = "0.7", optional = true }
 # TODO make this optional, or remove it
 ecdsa = "0.11.1"
 digest = "0.9"
-k256 = { version = "0.8", optional = true, features = ["zeroize", "ecdsa"] }
-p256 = { version = "0.8", optional = true, features = ["zeroize", "ecdsa"] }
+k256 = { version = "0.9.6", optional = true, features = ["zeroize", "ecdsa"] }
+p256 = { version = "0.9.0", optional = true, features = ["zeroize", "ecdsa"] }
 ssi-contexts = { version = "0.1.2", path = "contexts/" }
 ripemd160 = { version = "0.9", optional = true }
 sshkeys = "0.3"

diff --git a/did-key/Cargo.toml b/did-key/Cargo.toml
@@ -20,8 +20,8 @@ ssi = { version = "0.3", path = "../", default-features = false }
 async-trait = "0.1"
 thiserror = "1.0"
 multibase = "0.8"
-k256 = { version = "0.8", optional = true, features = ["zeroize", "ecdsa"] }
-p256 = { version = "0.8", optional = true, features = ["zeroize", "ecdsa"] }
+k256 = { version = "0.9.6", optional = true, features = ["zeroize", "ecdsa"] }
+p256 = { version = "0.9.0", optional = true, features = ["zeroize", "ecdsa"] }
 serde_json = "1.0"
 simple_asn1 = "^0.5.2"
 

diff --git a/src/jwk.rs b/src/jwk.rs
@@ -266,12 +266,10 @@ impl JWK {
  pub fn generate_ed25519() -> Result<JWK, Error> {
  let mut csprng = rand_old::rngs::OsRng {};
  let keypair = ed25519_dalek::Keypair::generate(&mut csprng);
- let sk_bytes = keypair.secret.to_bytes();
- let pk_bytes = keypair.public.to_bytes();
  Ok(JWK::from(Params::OKP(OctetParams {
  curve: "Ed25519".to_string(),
- public_key: Base64urlUInt(pk_bytes.to_vec()),
- private_key: Some(Base64urlUInt(sk_bytes.to_vec())),
+ public_key: Base64urlUInt(keypair.public.as_ref().to_vec()),
+ private_key: Some(Base64urlUInt(keypair.secret.as_ref().to_vec())),
  })))
  }
 
@@ -280,10 +278,10 @@ impl JWK {
  let mut rng = rand::rngs::OsRng {};
  let secret_key = k256::SecretKey::random(&mut rng);
  // SecretKey zeroizes on drop
- let sk_bytes = secret_key.to_bytes().to_vec();
+ let sk_bytes: &[u8] = secret_key.as_scalar_bytes().as_ref();
  let public_key = secret_key.public_key();
  let mut ec_params = ECParams::try_from(&public_key)?;
- ec_params.ecc_private_key = Some(Base64urlUInt(sk_bytes));
+ ec_params.ecc_private_key = Some(Base64urlUInt(sk_bytes.to_vec()));
  Ok(JWK::from(Params::EC(ec_params)))
  }
 
@@ -292,10 +290,10 @@ impl JWK {
  let mut rng = rand::rngs::OsRng {};
  let secret_key = p256::SecretKey::random(&mut rng);
  // SecretKey zeroizes on drop
- let sk_bytes = secret_key.to_bytes().to_vec();
+ let sk_bytes: &[u8] = secret_key.as_scalar_bytes().as_ref();
  let public_key: p256::PublicKey = secret_key.public_key();
  let mut ec_params = ECParams::try_from(&public_key)?;
- ec_params.ecc_private_key = Some(Base64urlUInt(sk_bytes));
+ ec_params.ecc_private_key = Some(Base64urlUInt(sk_bytes.to_vec()));
  Ok(JWK::from(Params::EC(ec_params)))
  }