ed448: zeroize key material (#855)

RustCrypto · Sep 5, 2024 · 4da24fb · 4da24fb
1 parent 0133af9
commit 4da24fb
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ed448/Cargo.toml b/ed448/Cargo.toml
@@ -25,6 +25,7 @@ signature = { version = "=2.3.0-pre.4", default-features = false }
 pkcs8 = { version = "=0.11.0-rc.0", optional = true }
 serde = { version = "1", optional = true, default-features = false }
 serde_bytes = { version = "0.11", optional = true }
+zeroize = { version = "1", optional = true, default-features = false }
 
 [dev-dependencies]
 hex-literal = "0.4"

diff --git a/ed448/src/pkcs8.rs b/ed448/src/pkcs8.rs
@@ -24,6 +24,9 @@ pub use pkcs8::{spki::EncodePublicKey, EncodePrivateKey};
 #[cfg(feature = "alloc")]
 pub use pkcs8::der::{asn1::BitStringRef, Document, SecretDocument};
 
+#[cfg(feature = "zeroize")]
+use zeroize::Zeroize;
+
 use core::fmt;
 
 /// Algorithm [`ObjectIdentifier`] for the Ed448 digital signature algorithm
@@ -103,11 +106,17 @@ impl KeypairBytes {
     }
 }
 
+impl Drop for KeypairBytes {
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        self.secret_key.zeroize()
+    }
+}
+
 #[cfg(feature = "alloc")]
 impl EncodePrivateKey for KeypairBytes {
     fn to_pkcs8_der(&self) -> Result<SecretDocument> {
         // Serialize private key as nested OCTET STRING
-        // TODO(tarcieri): zeroize `private_key`
         let mut private_key = [0u8; 2 + (Self::BYTE_SIZE / 2)];
         private_key[0] = 0x04;
         private_key[1] = 0x39;
@@ -118,8 +127,12 @@ impl EncodePrivateKey for KeypairBytes {
             private_key: &private_key,
             public_key: self.public_key.as_ref().map(|pk| pk.0.as_slice()),
         };
+        let result = SecretDocument::encode_msg(&private_key_info)?;
+
+        #[cfg(feature = "zeroize")]
+        private_key.zeroize();
 
-        Ok(SecretDocument::encode_msg(&private_key_info)?)
+        Ok(result)
     }
 }