Implement Zeroize for all types
Resolves #5
moCello committed Apr 17, 2024
1 parent 40a2a5d commit 256b4ad
Showing 7 changed files with 81 additions and 8 deletions.
21 changes: 18 additions & 3 deletions CHANGELOG.md
Expand Up @@ -7,17 +7,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.2.0] - 2024-02-28

### Changed

- Change the implementation for hashing a slice of bytes into a BlsScalar to `BlsScalar::hash_to_scalar` [#3]
- Check validity of `PublicKey` and `Signature` points in signature verification [#7]

### Added

- Add `is_valid` check for `PublicKey` [#7]
- Add `Error::InvalidPoint` variant for invalid `PublicKey` and `Signature` points [#7]
- Add `Zeroize` trait for `SecretKey` [#5]
- Add `Zeroize` trait for `PublicKey` [#5]
- Add `Zeroize` trait for `APK` [#5]
- Add `Zeroize` trait for `Signature` [#5]

### Removed

- Remove `Copy` trait for `SecretKey` [#5]
- Remove `Copy` trait for `PublicKey` [#5]
- Remove `Copy` trait for `APK` [#5]
- Remove `Copy` trait for `Signature` [#5]

## [0.2.0] - 2024-02-28

### Changed

- Change the implementation for hashing a slice of bytes into a BlsScalar to `BlsScalar::hash_to_scalar` [#3]

## [0.1.0] - 2024-01-08

Expand All @@ -27,6 +41,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

<!-- ISSUES -->
[#7]: https://github.com/dusk-network/bls12_381-bls/issues/7
[#5]: https://github.com/dusk-network/bls12_381-bls/issues/5
[#3]: https://github.com/dusk-network/bls12_381-bls/issues/3

<!-- VERSIONS -->
3 changes: 2 additions & 1 deletion Cargo.toml
Expand Up @@ -15,13 +15,14 @@ exclude = [
license = "MPL-2.0"

[dependencies]
dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings"] }
dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings", "zeroize"] }
dusk-bytes = "0.1"
rand_core = { version = "0.6", default-features = false }
rkyv = { version = "0.7", optional = true, default-features = false }
bytecheck = { version = "0.6", optional = true, default-features = false }
ff = { version = "0.13", default-features = false }
rayon = { version = "1.8", optional = true }
zeroize = { version = "1", features = ["zeroize_derive"] }

[dev-dependencies]
rand = { version = "0.8", default-features = false, features = ["std_rng"] }
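Review bot: The new `zeroize` entry leaves default features on, while `dusk-bls12_381`, `rand_core`, `rkyv`, `bytecheck` and `ff` in the same table all set `default-features = false`. To stay consistent with that policy the line could read `zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }`. The derive should not need the default `alloc` feature, but that is worth confirming with a `--no-default-features` build before merging.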
3 changes: 2 additions & 1 deletion src/keys/apk.rs
Expand Up @@ -9,6 +9,7 @@ use crate::{Error, PublicKey, SecretKey};

use dusk_bls12_381::G2Projective;
use dusk_bytes::{Error as DuskBytesError, Serializable};
use zeroize::Zeroize;

#[cfg(feature = "rkyv-impl")]
use rkyv::{Archive, Deserialize, Serialize};
Expand All @@ -20,7 +21,7 @@ use rayon::prelude::*;
/// The public keys are aggregated in a rogue-key attack
/// resistant manner, by using the hash function defined
/// in the modified version of BLS.
#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)]
#[derive(Default, Clone, Debug, Eq, PartialEq, Zeroize)]
#[cfg_attr(
feature = "rkyv-impl",
derive(Archive, Deserialize, Serialize),
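Review bot: Removing `Copy` from the derive list on `APK` is a source-breaking change that `Zeroize` itself does not require; only a `Drop`-based wipe conflicts with `Copy`. The same derive change is made to `PublicKey` in src/keys/public.rs and to `Signature` in src/signature.rs. These types hold public group elements, so callers who passed them by value now need explicit `.clone()` calls without gaining secrecy. If the removal is intended to keep the key types uniform with `SecretKey`, the doc comment above the derive should say so, e.g. `/// Not Copy: kept move-only so that zeroize() is not undermined by implicit copies.` The struct body lies outside the hunk.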
3 changes: 2 additions & 1 deletion src/keys/public.rs
Expand Up @@ -9,6 +9,7 @@ use crate::{Error, SecretKey, Signature};

use dusk_bls12_381::G2Affine;
use dusk_bytes::{Error as DuskBytesError, Serializable};
use zeroize::Zeroize;

#[cfg(feature = "rkyv-impl")]
use rkyv::{Archive, Deserialize, Serialize};
Expand All @@ -17,7 +18,7 @@ use rkyv::{Archive, Deserialize, Serialize};
/// The G2 element is constructed by multiplying a [`SecretKey`]
/// by `g2` (the base point of the G2 group).
/// Can be used for signature verification.
#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)]
#[derive(Default, Clone, Debug, Eq, PartialEq, Zeroize)]
#[cfg_attr(
feature = "rkyv-impl",
derive(Archive, Deserialize, Serialize),
3 changes: 2 additions & 1 deletion src/keys/secret.rs
Expand Up @@ -11,13 +11,14 @@ use dusk_bls12_381::BlsScalar;
use dusk_bytes::{Error as DuskBytesError, Serializable};
use ff::Field;
use rand_core::{CryptoRng, RngCore};
use zeroize::Zeroize;

#[cfg(feature = "rkyv-impl")]
use rkyv::{Archive, Deserialize, Serialize};

/// A BLS secret key, holding a BLS12-381 scalar inside.
/// Can be used for signing messages.
#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)]
#[derive(Default, Clone, Debug, Eq, PartialEq, Zeroize)]
#[cfg_attr(
feature = "rkyv-impl",
derive(Archive, Deserialize, Serialize),
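Review bot: Deriving only `Zeroize` on `SecretKey` wipes the scalar only when a caller remembers to call `.zeroize()`; a key that simply goes out of scope is left in memory as before. Now that `Copy` is gone, the derive line could become `#[derive(Default, Clone, Debug, Eq, PartialEq, Zeroize, ZeroizeOnDrop)]` with `use zeroize::{Zeroize, ZeroizeOnDrop};`, provided the resolved `zeroize` version ships that derive and no code moves fields out of the struct. If wiping is deliberately left to callers, the doc comment should state it, e.g. `/// Not wiped on drop: call zeroize() explicitly when the key is no longer needed.` The struct body lies outside the hunk, so its fields are not visible here.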
3 changes: 2 additions & 1 deletion src/signature.rs
Expand Up @@ -8,12 +8,13 @@ use crate::Error;

use dusk_bls12_381::{G1Affine, G1Projective};
use dusk_bytes::Serializable;
use zeroize::Zeroize;

#[cfg(feature = "rkyv-impl")]
use rkyv::{Archive, Deserialize, Serialize};

/// A BLS signature.
#[derive(Debug, Clone, Copy, Default, Eq, PartialEq)]
#[derive(Debug, Clone, Default, Eq, PartialEq, Zeroize)]
#[cfg_attr(
feature = "rkyv-impl",
derive(Archive, Deserialize, Serialize),
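--- a/tests/zeroize.rs
+++ b/tests/zeroize.rs
@@ -0,0 +1,53 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// Copyright (c) DUSK NETWORK. All rights reserved.
+
+use bls12_381_bls::{PublicKey, SecretKey, Signature, APK};
+use dusk_bls12_381::BlsScalar;
+use zeroize::Zeroize;
+
+#[test]
+fn secret_key() {
+let secret = BlsScalar::from(42);
+let mut sk = SecretKey::from(secret);
+
+sk.zeroize();
+assert_eq!(sk, SecretKey::default());
+}
+
+#[test]
+fn public_key() {
+let sk = BlsScalar::from(42).into();
+let mut pk = PublicKey::from(&sk);
+
+pk.zeroize();
+assert_eq!(pk, PublicKey::default());
+}
+
+#[test]
+fn apk() {
+let sk = BlsScalar::from(42).into();
+let pk = PublicKey::from(&sk);
+let mut apk = APK::from(&pk);
+
+let sk1 = BlsScalar::from(84).into();
+let pk1 = PublicKey::from(&sk1);
+let sk2 = BlsScalar::from(21).into();
+let pk2 = PublicKey::from(&sk2);
+
+apk.aggregate(&[pk1, pk2]);
+
+apk.zeroize();
+assert_eq!(apk, APK::default());
+}
+
+#[test]
+fn signature() {
+let sk: SecretKey = BlsScalar::from(42).into();
+let mut sig = sk.sign(&PublicKey::from(&sk), &[1, 2, 3, 4]);
+
+sig.zeroize();
+assert_eq!(sig, Signature::default());
+}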
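Review bot: None of the four tests checks that the value differs from `default()` before `zeroize()` is called, so a constructor regression that already yields the default would still pass. Adding `assert_ne!(sk, SecretKey::default());` ahead of `sk.zeroize();` in `secret_key`, and the analogous line in `public_key`, `apk` and `signature`, pins that precondition. The tests also establish that a zeroized `PublicKey` and `Signature` equal their defaults. If those defaults are the identity points, which is not visible here, one more test should confirm that such values are rejected by the `is_valid` and verification checks the changelog lists under [#7].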
