Skip to content

Commit

Permalink
Implement Zeroize for SecretKey
Browse files Browse the repository at this point in the history
Resolves #5
  • Loading branch information
moCello committed Apr 22, 2024
1 parent 40a2a5d commit 9c65d8a
Show file tree
Hide file tree
Showing 5 changed files with 35 additions and 6 deletions.
15 changes: 12 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,17 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.2.0] - 2024-02-28

### Changed

- Change the implementation for hashing a slice of bytes into a BlsScalar to `BlsScalar::hash_to_scalar` [#3]
- Check validity of `PublicKey` and `Signature` points in signature verification [#7]

### Added

- Add `is_valid` check for `PublicKey` [#7]
- Add `Error::InvalidPoint` variant for invalid `PublicKey` and `Signature` points [#7]
- Add `Zeroize` trait for `SecretKey` [#5]

### Removed

- Remove `Copy` trait for `SecretKey` [#5]

## [0.2.0] - 2024-02-28

### Changed

- Change the implementation for hashing a slice of bytes into a BlsScalar to `BlsScalar::hash_to_scalar` [#3]

## [0.1.0] - 2024-01-08

Expand All @@ -27,6 +35,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

<!-- ISSUES -->
[#7]: https://github.com/dusk-network/bls12_381-bls/issues/7
[#5]: https://github.com/dusk-network/bls12_381-bls/issues/5
[#3]: https://github.com/dusk-network/bls12_381-bls/issues/3

<!-- VERSIONS -->
Expand Down
3 changes: 2 additions & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,14 @@ exclude = [
license = "MPL-2.0"

[dependencies]
dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings"] }
dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings", "zeroize"] }
dusk-bytes = "0.1"
rand_core = { version = "0.6", default-features = false }
rkyv = { version = "0.7", optional = true, default-features = false }
bytecheck = { version = "0.6", optional = true, default-features = false }
ff = { version = "0.13", default-features = false }
rayon = { version = "1.8", optional = true }
zeroize = { version = "1", features = ["zeroize_derive"] }

[dev-dependencies]
rand = { version = "0.8", default-features = false, features = ["std_rng"] }
Expand Down
3 changes: 2 additions & 1 deletion src/keys/secret.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,14 @@ use dusk_bls12_381::BlsScalar;
use dusk_bytes::{Error as DuskBytesError, Serializable};
use ff::Field;
use rand_core::{CryptoRng, RngCore};
use zeroize::Zeroize;

#[cfg(feature = "rkyv-impl")]
use rkyv::{Archive, Deserialize, Serialize};

/// A BLS secret key, holding a BLS12-381 scalar inside.
/// Can be used for signing messages.
#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)]
#[derive(Default, Clone, Debug, Eq, PartialEq, Zeroize)]
#[cfg_attr(
feature = "rkyv-impl",
derive(Archive, Deserialize, Serialize),
Expand Down
2 changes: 1 addition & 1 deletion src/signature.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ use dusk_bytes::Serializable;
use rkyv::{Archive, Deserialize, Serialize};

/// A BLS signature.
#[derive(Debug, Clone, Copy, Default, Eq, PartialEq)]
#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)]
#[cfg_attr(
feature = "rkyv-impl",
derive(Archive, Deserialize, Serialize),
Expand Down
18 changes: 18 additions & 0 deletions tests/zeroize.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
//
// Copyright (c) DUSK NETWORK. All rights reserved.

use bls12_381_bls::SecretKey;
use dusk_bls12_381::BlsScalar;
use zeroize::Zeroize;

#[test]
fn secret_key() {
let secret = BlsScalar::from(42);
let mut sk = SecretKey::from(secret);

sk.zeroize();
assert_eq!(sk, SecretKey::default());
}

0 comments on commit 9c65d8a

Please sign in to comment.