Added zeroize (not complete yet) and moved to new repo.

2021-06-16 11:03:37 +02:00 · 2021-06-16 11:03:37 +02:00 · 9083a269b6
commit 9083a269b6
parent 638e469fc2
6 changed files with 78 additions and 14 deletions
--- a/src/dh.rs
+++ b/src/dh.rs
@ -8,11 +8,26 @@ use alloc::vec::Vec;
 use alloc::string::ToString;
 use p256::elliptic_curve::ecdh::diffie_hellman;

+use zeroize::Zeroize;
+
 pub struct DhKeyPair {
    pub private_key: SecretKey,
    pub public_key: PublicKey,
 }

+impl Drop for DhKeyPair {
+    fn drop(&mut self) {
+        core::mem::drop(&mut self.private_key);
+        core::mem::drop(&mut self.public_key);
+    }
+}
+
+impl Zeroize for DhKeyPair {
+    fn zeroize(&mut self) {
+        core::mem::drop(self);
+    }
+}
+
 impl DhKeyPair {
    fn ex_public_key_bytes(&self) -> Vec<u8> {
        self.public_key.to_string().as_bytes().to_vec()
@ -49,7 +64,7 @@ impl Default for DhKeyPair {
 impl DhKeyPair {
    pub fn new() -> Self {
        let secret = SecretKey::random(&mut OsRng);
-        let public = PublicKey::from_secret_scalar(&secret.secret_scalar());
+        let public = PublicKey::from_secret_scalar(&secret.to_secret_scalar());
        DhKeyPair {
            private_key: secret,
            public_key: public,
@ -57,7 +72,7 @@ impl DhKeyPair {
    }

    pub fn key_agreement(&self, public_key: &PublicKey) -> SharedSecret {
-        diffie_hellman(self.private_key.secret_scalar(), public_key.as_affine())
+        diffie_hellman(self.private_key.to_secret_scalar(), public_key.as_affine())
    }
 }

--- a/src/header.rs
+++ b/src/header.rs
@ -10,15 +10,17 @@ use aes_gcm_siv::aead::{NewAead, AeadInPlace};
 use crate::dh::gen_key_pair;
 use alloc::string::{ToString, String};
 use core::str::FromStr;
+use zeroize::Zeroize;

-#[derive(Debug, Copy, Clone)]
+#[derive(Debug, Clone)]
 pub struct Header {
    pub public_key: PublicKey,
    pub pn: usize, // Previous Chain Length
    pub n: usize, // Message Number
 }

-#[derive(Serialize, Deserialize, Debug)]
+#[derive(Serialize, Deserialize, Debug, Zeroize)]
+#[zeroize(drop)]
 struct ExHeader {
    #[serde(with = "serde_bytes")]
    ad: Vec<u8>,
@ -82,7 +84,7 @@ impl Header {
 impl From<Vec<u8>> for Header {
    fn from(d: Vec<u8>) -> Self {
        let ex_header: ExHeader = bincode::deserialize(&d).unwrap();
-        let public_key_string = String::from_utf8(ex_header.public_key).unwrap();
+        let public_key_string = String::from_utf8(ex_header.public_key.clone()).unwrap();
        Header {
            public_key: PublicKey::from_str(&public_key_string).unwrap(),
            pn: ex_header.pn,
@ -94,7 +96,7 @@ impl From<Vec<u8>> for Header {
 impl From<&[u8]> for Header {
    fn from(d: &[u8]) -> Self {
        let ex_header: ExHeader = bincode::deserialize(d).unwrap();
-        let public_key_string = String::from_utf8(ex_header.public_key).unwrap();
+        let public_key_string = String::from_utf8(ex_header.public_key.clone()).unwrap();
        Header {
            public_key: PublicKey::from_str(&public_key_string).unwrap(),
            pn: ex_header.pn,
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,6 +1,6 @@
 //! [![Crate](https://img.shields.io/crates/v/double-ratchet-2)](https://crates.io/crates/double-ratchet-2)
-//! [![License](https://img.shields.io/github/license/Decentrailzed-Communication-System/double-ratchet-2)](https://github.com/Decentrailzed-Communication-System/double-ratchet-2/blob/main/LICENSE)
-//! [![Actions](https://img.shields.io/github/workflow/status/Decentrailzed-Communication-System/double-ratchet-2/Rust)](https://github.com/Decentrailzed-Communication-System/double-ratchet-2/actions)
+//! [![License](https://img.shields.io/github/license/Dione-Software/double-ratchet-2)](https://github.com/Dione-Software/double-ratchet-2/blob/main/LICENSE)
+//! [![Actions](https://img.shields.io/github/workflow/status/Dione-Software/double-ratchet-2/Rust)](https://github.com/Dione-Software/double-ratchet-2/actions)
 //!
 //! Implementation of the double ratchet system/encryption as specified by [Signal][1].
 //!
--- a/src/ratchet.rs
+++ b/src/ratchet.rs
@ -10,6 +10,7 @@ use alloc::vec::Vec;
 use crate::kdf_chain::kdf_ck;
 use crate::aead::{encrypt, decrypt};
 use alloc::string::ToString;
+use zeroize::Zeroize;

 const MAX_SKIP: usize = 100;

@ -28,6 +29,25 @@ pub struct Ratchet {
    mkskipped: HashMap<(Vec<u8>, usize), [u8; 32]>,
 }

+impl Drop for Ratchet {
+    fn drop(&mut self) {
+        core::mem::drop(&mut self.dhs);
+        match self.dhr {
+            Some(d) => {
+                core::mem::drop(d);
+            },
+            None => {}
+        }
+        self.rk.zeroize();
+        self.ckr.zeroize();
+        self.cks.zeroize();
+        self.ns.zeroize();
+        self.nr.zeroize();
+        self.pn.zeroize();
+        self.mkskipped.clear();
+    }
+}
+
 impl Ratchet {
    /// Init Ratchet with other [PublicKey]. Initialized second.
    pub fn init_alice(sk: [u8; 32], bob_dh_public_key: PublicKey) -> Self {
@ -158,6 +178,31 @@ pub struct RatchetEncHeader {
    mkskipped: HashMap<(Option<[u8; 32]>, usize), [u8; 32]>
 }

+impl Zeroize for RatchetEncHeader {
+    fn zeroize(&mut self) {
+        self.dhs.zeroize();
+        core::mem::drop(self.dhr);
+        self.rk.zeroize();
+        self.cks.zeroize();
+        self.ckr.zeroize();
+        self.ns.zeroize();
+        self.nr.zeroize();
+        self.pn.zeroize();
+        self.hks.zeroize();
+        self.hkr.zeroize();
+        self.nhks.zeroize();
+        self.nhkr.zeroize();
+        self.mkskipped.clear();
+
+    }
+}
+
+impl Drop for RatchetEncHeader {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 impl RatchetEncHeader {
    pub fn init_alice(sk: [u8; 32],
                      bob_dh_public_key: PublicKey,