feat: Use the zeroize crate for zeroization

Karolin Varner
2023-11-30 14:13:19 +01:00
committed by Karolin Varner
parent cf132bca11
commit 85a61808de
4 changed files with 14 additions and 14 deletions

1
Cargo.lock generated

@@ -1126,6 +1126,7 @@ dependencies = [
"rosenpass-sodium",
"rosenpass-to",
"rosenpass-util",
"zeroize",
]
[[package]]


@@ -16,3 +16,4 @@ rosenpass-sodium = { workspace = true }
rosenpass-util = { workspace = true }
libsodium-sys-stable = { workspace = true }
lazy_static = { workspace = true }
zeroize = { workspace = true }


@@ -6,6 +6,7 @@ use rosenpass_util::{
file::{fopen_r, LoadValue, LoadValueB64, ReadExactToEnd},
functional::mutating,
};
use zeroize::{Zeroize, ZeroizeOnDrop};
use std::{
collections::HashMap, convert::TryInto, fmt, os::raw::c_void, path::Path, ptr::null_mut,
@@ -74,7 +75,7 @@ impl SecretMemoryPool {
///
/// # Safety
///
/// This function contains an unsafe call to [libsodium::sodium_malloc].
/// This function contains an unsafe call to [libsodium_sys::sodium_malloc].
/// This call has no known safety invariants, thus nothing can go wrong™.
/// However, just like normal `malloc()` this can return a null ptr. Thus
/// the returned pointer is checked for null; causing the program to panic
@@ -100,8 +101,8 @@ impl Drop for SecretMemoryPool {
/// # Safety
///
/// The drop implementation frees the contained elements using
/// [libsodium::sodium_free]. This is safe as long as every `*mut c_void`
/// contained was initialized with a call to [libsodium::sodium_malloc]
/// [libsodium_sys::sodium_free]. This is safe as long as every `*mut c_void`
/// contained was initialized with a call to [libsodium_sys::sodium_malloc]
fn drop(&mut self) {
for ptr in self.pool.drain().flat_map(|(_, x)| x.into_iter()) {
unsafe {
@@ -119,7 +120,7 @@ unsafe impl Send for SecretMemoryPool {}
/// Store for a secret
///
/// Uses memory allocated with [libsodium::sodium_malloc],
/// Uses memory allocated with [libsodium_sys::sodium_malloc],
/// esentially can do the same things as `[u8; N].as_mut_ptr()`.
pub struct Secret<const N: usize> {
ptr: *mut c_void,
@@ -164,11 +165,6 @@ impl<const N: usize> Secret<N> {
mutating(Self::zero(), |r| r.randomize())
}
/// Sets all data of an existing secret to null bytes
pub fn zeroize(&mut self) {
rosenpass_sodium::helpers::memzero(self.secret_mut());
}
/// Sets all data an existing secret to random bytes
pub fn randomize(&mut self) {
rosenpass_sodium::helpers::randombytes_buf(self.secret_mut());
@@ -204,6 +200,13 @@ impl<const N: usize> fmt::Debug for Secret<N> {
}
}
impl<const N: usize> ZeroizeOnDrop for Secret<N> {}
impl<const N: usize> Zeroize for Secret<N> {
fn zeroize(&mut self) {
self.secret_mut().zeroize();
}
}
impl<const N: usize> LoadValue for Secret<N> {
type Error = anyhow::Error;
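Review bot: The empty `impl<const N: usize> ZeroizeOnDrop for Secret<N> {}` is only a marker trait: it wipes nothing by itself and merely asserts that the `Drop` impl of `Secret<N>` does. That `Drop` impl lies outside the hunks shown here, so please confirm it calls `self.zeroize()` before the allocation is released or (presumably) handed back to `SecretMemoryPool`, since a reused buffer would otherwise still hold the previous secret. I would document the contract above the marker, e.g. `// Marker only: Drop for Secret<N> must call zeroize() before the buffer leaves this value`. Because the inherent `zeroize()` method is removed, callers in other modules now also need `use zeroize::Zeroize;` in scope.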


@@ -32,11 +32,6 @@ pub fn randombytes_buf(buf: &mut [u8]) {
unsafe { libsodium::randombytes_buf(buf.as_mut_ptr() as *mut c_void, buf.len()) };
}
#[inline]
pub fn memzero(buf: &mut [u8]) {
unsafe { libsodium::sodium_memzero(buf.as_mut_ptr() as *mut c_void, buf.len()) };
}
// Choose a fully random u64
// TODO: Replace with ::rand::random
pub fn rand_u64() -> u64 {