diff --git a/CHANGELOG.md b/CHANGELOG.md index 2258e99..e97bae0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,17 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [0.2.0] - 2024-02-28 - ### Changed -- Change the implementation for hashing a slice of bytes into a BlsScalar to `BlsScalar::hash_to_scalar` [#3] - Check validity of `PublicKey` and `Signature` points in signature verification [#7] ### Added - Add `is_valid` check for `PublicKey` [#7] - Add `Error::InvalidPoint` variant for invalid `PublicKey` and `Signature` points [#7] +- Add `Zeroize` trait for `SecretKey` [#5] + +### Removed + +- Remove `Copy` trait for `SecretKey` [#5] + +## [0.2.0] - 2024-02-28 + +### Changed + +- Change the implementation for hashing a slice of bytes into a BlsScalar to `BlsScalar::hash_to_scalar` [#3] ## [0.1.0] - 2024-01-08 @@ -27,6 +35,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [#7]: https://github.com/dusk-network/bls12_381-bls/issues/7 +[#5]: https://github.com/dusk-network/bls12_381-bls/issues/5 [#3]: https://github.com/dusk-network/bls12_381-bls/issues/3 diff --git a/Cargo.toml b/Cargo.toml index b2b6a19..5bece38 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -15,13 +15,14 @@ exclude = [ license = "MPL-2.0" [dependencies] -dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings"] } +dusk-bls12_381 = { version = "0.13", default-features = false, features = ["alloc", "pairings", "zeroize"] } dusk-bytes = "0.1" rand_core = { version = "0.6", default-features = false } rkyv = { version = "0.7", optional = true, default-features = false } bytecheck = { version = "0.6", optional = true, default-features = false } ff = { version = "0.13", default-features = false } rayon = { version = "1.8", optional = true } +zeroize = { version = "1", features = ["zeroize_derive"] } [dev-dependencies] rand = { version = "0.8", default-features = false, features = ["std_rng"] } diff --git a/src/keys/secret.rs b/src/keys/secret.rs index 020c842..f33084d 100644 --- a/src/keys/secret.rs +++ b/src/keys/secret.rs @@ -11,13 +11,14 @@ use dusk_bls12_381::BlsScalar; use dusk_bytes::{Error as DuskBytesError, Serializable}; use ff::Field; use rand_core::{CryptoRng, RngCore}; +use zeroize::Zeroize; #[cfg(feature = "rkyv-impl")] use rkyv::{Archive, Deserialize, Serialize}; /// A BLS secret key, holding a BLS12-381 scalar inside. /// Can be used for signing messages. -#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)] +#[derive(Default, Clone, Debug, Eq, PartialEq, Zeroize)] #[cfg_attr( feature = "rkyv-impl", derive(Archive, Deserialize, Serialize), diff --git a/src/signature.rs b/src/signature.rs index 93a4e23..b3b04c3 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -13,7 +13,7 @@ use dusk_bytes::Serializable; use rkyv::{Archive, Deserialize, Serialize}; /// A BLS signature. -#[derive(Debug, Clone, Copy, Default, Eq, PartialEq)] +#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)] #[cfg_attr( feature = "rkyv-impl", derive(Archive, Deserialize, Serialize), diff --git a/tests/zeroize.rs b/tests/zeroize.rs new file mode 100644 index 0000000..3b43b7d --- /dev/null +++ b/tests/zeroize.rs 
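Review bot: The new `zeroize` entry in `[dependencies]` leaves default features on, while the neighbouring `rand_core`, `rkyv`, `bytecheck` and `ff` entries all set `default-features = false`. If that convention is deliberate (it looks like a no_std-friendly manifest), the line should follow it: `zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }`. The requirement `"1"` also accepts any 1.x release, so if the key type later relies on a derive that only newer releases provide, the version floor has to be raised with it.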
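Review bot: Deriving `Zeroize` on `SecretKey` only gives callers a `zeroize()` method; nothing in this hunk wipes the scalar when a key goes out of scope, so every owner, and every `.clone()` (still derived), has to remember to call it. Consider deriving the drop behaviour too, `#[derive(Default, Clone, Debug, Eq, PartialEq, Zeroize, ZeroizeOnDrop)]` with `use zeroize::{Zeroize, ZeroizeOnDrop};`, or say in the type's doc comment that wiping is the caller's responsibility. The derived `Debug` on the same line will presumably format the secret scalar into any log or panic message that prints a key, so a redacting manual impl would be safer. The struct body and its other impls lie outside the hunk, so the added `Drop` impl needs checking against them.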
@@ -0,0 +1,18 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// Copyright (c) DUSK NETWORK. All rights reserved.
+
+use bls12_381_bls::SecretKey;
+use dusk_bls12_381::BlsScalar;
+use zeroize::Zeroize;
+
+#[test]
+fn secret_key() {
+ let secret = BlsScalar::from(42);
+ let mut sk = SecretKey::from(secret);
+
+ sk.zeroize();
+ assert_eq!(sk, SecretKey::default());
+}
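Review bot: `secret_key` asserts nothing before `sk.zeroize()`, and its only check compares against `SecretKey::default()`, so it proves the key was wiped only if the default key is the zero scalar, which this file does not show. Adding `assert_ne!(sk, SecretKey::default());` before the call and comparing with `SecretKey::from(BlsScalar::zero())` afterwards would pin the intended behaviour directly. The test covers only the explicit call; whether a key is wiped when it is dropped is not exercised here.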