Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Zeroize for SecretKey #158

Merged
merged 1 commit into from
Apr 24, 2024
Merged

Implement Zeroize for SecretKey #158

merged 1 commit into from
Apr 24, 2024

Conversation

moCello
Copy link
Member

@moCello moCello commented Apr 23, 2024

Resolves #155

@moCello moCello marked this pull request as ready for review April 24, 2024 14:02
@moCello moCello requested review from xevisalle, HDauven and ureeves and removed request for xevisalle April 24, 2024 14:02
ureeves
ureeves approved these changes Apr 24, 2024
View reviewed changes
Copy link
Member

@ureeves ureeves left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seeing all the PublicKey::from(&sk) make me feel there should be a SecretKey::public function. That said, not the purpose here. LGTM

src/keys/view.rs
Comment on lines -80 to -85
impl From<SecretKey> for ViewKey {
fn from(sk: SecretKey) -> Self {
Self::from(&sk)
}
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's quite the catch on the by-copy. Nice

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indeed! Will have some ripple effects downstream, but good ones!

HDauven
HDauven approved these changes Apr 24, 2024
View reviewed changes
Copy link
Member

@HDauven HDauven left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@moCello moCello merged commit 9727fed into master Apr 24, 2024
5 checks passed
@moCello moCello deleted the mocello/155_zeroize branch April 24, 2024 14:13
Daksh14
Daksh14 reviewed Apr 24, 2024
View reviewed changes
src/keys/secret.rs
///
/// To ensure that no secret information lingers in memory after the variable
/// goes out of scope, we advice calling `zeroize` before the variable goes out
/// of scope.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would implementing Drop and calling zeroize there solve this problem?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sadly not. I investigated the problem in our bls signature library: dusk-network/bls12_381-bls#6
long story short: rust still often copies values internally, so the zeroize on drop often doesn't result in actually erasing the desired values.

@moCello moCello mentioned this pull request Jun 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Daksh14 Daksh14 Daksh14 left review comments

@HDauven HDauven HDauven approved these changes

@ureeves ureeves ureeves approved these changes

@xevisalle xevisalle Awaiting requested review from xevisalle

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secret values not erased
4 participants
@moCello @HDauven @Daksh14 @ureeves