From 9a4cb9c051c5c0a2b8dc47f14459748971585e1a Mon Sep 17 00:00:00 2001 From: moana Date: Thu, 8 Feb 2024 15:58:17 +0100 Subject: [PATCH] Impl zeroize::DefaultIsZeroes for all key types --- CHANGELOG.md | 6 ++++++ Cargo.toml | 4 +++- src/keys/apk.rs | 3 +++ src/keys/public.rs | 3 +++ src/keys/secret.rs | 3 +++ src/signature.rs | 3 +++ 6 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b611239..c4da189 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Change the implementation for hashing a slice of bytes into a BlsScalar to `BlsScalar::hash_to_scalar` [#3] +- Derive `zeroize::DefaultIsZeroes` for all key types [#5] + +### Added + +- Add `zeroize` depencency at version "1" [#5] ## [0.1.0] - 2024-01-08 @@ -18,6 +23,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add initial commit, this package continues the development of [dusk-bls12_381-sign](https://github.com/dusk-network/bls12_381-sign/) at version `0.6.0` under the new name: `bls12_381-bls` and without the go related code. +[#5]: https://github.com/dusk-network/bls12_381-bls/issues/5 [#3]: https://github.com/dusk-network/bls12_381-bls/issues/3 diff --git a/Cargo.toml b/Cargo.toml index 0b19c7a..4d555b8 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -15,13 +15,15 @@ exclude = [ license = "MPL-2.0" [dependencies] -dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings"] } +dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings", "zeroize"] } dusk-bytes = "0.1" rand_core = { version = "0.6", default-features = false } rkyv = { version = "0.7", optional = true, default-features = false } bytecheck = { version = "0.6", optional = true, default-features = false } ff = { version = "0.13", default-features = false } rayon = { version = "1.8", optional = true } +zeroize = "1" +# zeroize = { version = "1", fetures = ["derive"] } [dev-dependencies] rand = { version = "0.8", default-features = false, features = ["std_rng"] } diff --git a/src/keys/apk.rs b/src/keys/apk.rs index 7fddb0c..d0d2fc3 100644 --- a/src/keys/apk.rs +++ b/src/keys/apk.rs @@ -9,6 +9,7 @@ use crate::{Error, PublicKey, SecretKey}; use dusk_bls12_381::G2Projective; use dusk_bytes::{Error as DuskBytesError, Serializable}; +use zeroize::DefaultIsZeroes; #[cfg(feature = "rkyv-impl")] use rkyv::{Archive, Deserialize, Serialize}; @@ -28,6 +29,8 @@ use rayon::prelude::*; )] pub struct APK(PublicKey); +impl DefaultIsZeroes for APK {} + impl Serializable<96> for APK { type Error = DuskBytesError; diff --git a/src/keys/public.rs b/src/keys/public.rs index f7f6d84..74425b4 100644 --- a/src/keys/public.rs +++ b/src/keys/public.rs @@ -9,6 +9,7 @@ use crate::{Error, SecretKey, Signature}; use dusk_bls12_381::G2Affine; use dusk_bytes::{Error as DuskBytesError, Serializable}; +use zeroize::DefaultIsZeroes; #[cfg(feature = "rkyv-impl")] use rkyv::{Archive, Deserialize, Serialize}; @@ -25,6 +26,8 @@ use rkyv::{Archive, Deserialize, Serialize}; )] pub struct PublicKey(pub(crate) G2Affine); +impl DefaultIsZeroes for PublicKey {} + impl Serializable<96> for PublicKey { type Error = DuskBytesError; diff --git a/src/keys/secret.rs b/src/keys/secret.rs index 020c842..e7bf037 100644 
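Review bot: The commented-out line `# zeroize = { version = "1", fetures = ["derive"] }` added under `zeroize = "1"` is dead configuration and misspells `features`, so it would not enable the derive feature if someone uncommented it as written; it should be dropped from the manifest. The live entry also takes zeroize's default features, while the neighbouring `rand_core`, `ff` and `dusk-bls12_381` entries set `default-features = false`. The marker trait this commit uses should not need any optional feature, so `zeroize = { version = "1", default-features = false }` would keep the new dependency consistent with the rest of the `[dependencies]` table.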
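Review bot: `impl DefaultIsZeroes for APK {}` carries no comment saying what a cleared key looks like, and the same bare impl is added for `PublicKey` in src/keys/public.rs and for `Signature` in src/signature.rs. The blanket `Zeroize` impl that this marker enables overwrites the value with `Default::default()`, which for a wrapped curve point is presumably the identity element rather than an all-zero bit pattern, so a zeroized key is still a well-formed value. I would put a line such as `// zeroize() resets this to Default (presumably the identity point); do not use a cleared key for verification` above each impl, and confirm that the verification path rejects identity keys. The derive attribute above the struct starts outside the hunk, so which `Default` is in effect is not visible here.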
--- a/src/keys/secret.rs +++ b/src/keys/secret.rs @@ -11,6 +11,7 @@ use dusk_bls12_381::BlsScalar; use dusk_bytes::{Error as DuskBytesError, Serializable}; use ff::Field; use rand_core::{CryptoRng, RngCore}; +use zeroize::DefaultIsZeroes; #[cfg(feature = "rkyv-impl")] use rkyv::{Archive, Deserialize, Serialize}; @@ -25,6 +26,8 @@ use rkyv::{Archive, Deserialize, Serialize}; )] pub struct SecretKey(pub(crate) BlsScalar); +impl DefaultIsZeroes for SecretKey {} + impl From for SecretKey { fn from(s: BlsScalar) -> SecretKey { SecretKey(s) diff --git a/src/signature.rs b/src/signature.rs index 8cb967d..2dd1398 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -8,6 +8,7 @@ use crate::Error; use dusk_bls12_381::{G1Affine, G1Projective}; use dusk_bytes::Serializable; +use zeroize::DefaultIsZeroes; #[cfg(feature = "rkyv-impl")] use rkyv::{Archive, Deserialize, Serialize}; @@ -21,6 +22,8 @@ use rkyv::{Archive, Deserialize, Serialize}; )] pub struct Signature(pub(crate) G1Affine); +impl DefaultIsZeroes for Signature {} + impl Signature { /// Aggregate a set of signatures by simply adding up the points. pub fn aggregate(&self, sigs: &[Signature]) -> Self {
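Review bot: `impl DefaultIsZeroes for SecretKey {}` gives the secret scalar an explicit `zeroize()` only; nothing in this hunk clears the key when it goes out of scope. `DefaultIsZeroes` requires `Copy`, so `SecretKey` cannot implement `Drop` or `ZeroizeOnDrop`, and every implicit copy keeps its own bytes until that copy is zeroized separately. That contract belongs on the impl, for example `// Call zeroize() on every copy: SecretKey is Copy and is not cleared on drop.`; callers that need drop-time clearing can hold the key in `zeroize::Zeroizing<SecretKey>`. The diffstat lists no test file, so a unit test asserting that a zeroized key equals `SecretKey::default()` (assuming the type derives `PartialEq`, which is outside the hunk) would pin the behaviour.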