WIP implement zeroize for SecretKey
moCello committed Feb 19, 2024
1 parent 56b9ffa commit dee7b94
Showing 4 changed files with 55 additions and 8 deletions.
1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -22,6 +22,7 @@ rkyv = { version = "0.7", optional = true, default-features = false }
bytecheck = { version = "0.6", optional = true, default-features = false }
ff = { version = "0.13", default-features = false }
rayon = { version = "1.8", optional = true }
zeroize = "1"

[dev-dependencies]
rand = { version = "0.8", default-features = false, features = ["std_rng"] }
2 changes: 1 addition & 1 deletion src/keys/public.rs
Expand Up @@ -42,7 +42,7 @@ impl From<&SecretKey> for PublicKey {
/// pk = g_2 * sk
fn from(sk: &SecretKey) -> Self {
let g_2 = G2Affine::generator();
let gx = g_2 * sk.0;
let gx = g_2 * sk.as_ref();

Self(gx.into())
}
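Review bot: `sk.as_ref()` requires `SecretKey: AsRef<BlsScalar>`, and none of the hunks in this commit adds such an impl; unless it already exists in src/keys/secret.rs outside the shown hunks, this line will not compile now that the field is no longer `pub(crate)`. Borrowing the scalar rather than copying it out of the `Box` is the right choice here, since a copy would leave a second instance on the stack that the zeroize-on-drop logic never reaches. If the impl is new, it belongs in this same commit, e.g. `impl AsRef<BlsScalar> for SecretKey { fn as_ref(&self) -> &BlsScalar { &self.0 } }`.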
58 changes: 51 additions & 7 deletions src/keys/secret.rs
Expand Up @@ -4,36 +4,39 @@
//
// Copyright (c) DUSK NETWORK. All rights reserved.

use alloc::boxed::Box;

use crate::hash::{h0, h1};
use crate::{PublicKey, Signature};

use dusk_bls12_381::BlsScalar;
use dusk_bytes::{Error as DuskBytesError, Serializable};
use ff::Field;
use rand_core::{CryptoRng, RngCore};
use zeroize::{Zeroize, ZeroizeOnDrop};

#[cfg(feature = "rkyv-impl")]
use rkyv::{Archive, Deserialize, Serialize};

/// A BLS secret key, holding a BLS12-381 scalar inside.
/// Can be used for signing messages.
#[derive(Default, Copy, Clone, Debug, Eq, PartialEq)]
#[derive(Default, Clone, Debug, Eq, PartialEq)]
#[cfg_attr(
feature = "rkyv-impl",
derive(Archive, Deserialize, Serialize),
archive_attr(derive(bytecheck::CheckBytes))
)]
pub struct SecretKey(pub(crate) BlsScalar);
pub struct SecretKey(Box<BlsScalar>);

impl From<BlsScalar> for SecretKey {
fn from(s: BlsScalar) -> SecretKey {
SecretKey(s)
SecretKey(Box::new(s))
}
}

impl From<&BlsScalar> for SecretKey {
fn from(s: &BlsScalar) -> SecretKey {
SecretKey(*s)
SecretKey(Box::new(*s))
}
}

Expand All @@ -49,7 +52,7 @@ impl SecretKey {
where
T: RngCore + CryptoRng,
{
Self(BlsScalar::random(&mut *rand))
Self(Box::new(BlsScalar::random(&mut *rand)))
}
}

Expand All @@ -62,7 +65,7 @@ impl Serializable<32> for SecretKey {

fn from_bytes(bytes: &[u8; Self::SIZE]) -> Result<Self, Self::Error> {
let secret_key = match BlsScalar::from_bytes(bytes).into() {
Some(sk) => sk,
Some(sk) => Box::new(sk),
None => return Err(DuskBytesError::InvalidData),
};
Ok(Self(secret_key))
Expand All @@ -77,7 +80,7 @@ impl SecretKey {
let h = h0(msg);

// Multiply point by sk
let e = h * self.0;
let e = h * self.as_ref();
Signature(e.into())
}

Expand All @@ -92,3 +95,44 @@ impl SecretKey {
sig
}
}

impl Zeroize for SecretKey {
fn zeroize(&mut self) {
self.0 .0[0] = 0;
self.0 .0[1] = 0;
self.0 .0[2] = 0;
self.0 .0[3] = 0;
// let bls_ptr: *mut BlsScalar = &mut *self.0;
// unsafe { *bls_ptr = BlsScalar::zero() };
}
}

impl ZeroizeOnDrop for SecretKey {}

#[cfg(test)]
mod tests {
use super::{BlsScalar, SecretKey};

impl SecretKey {
pub fn as_ptr(&self) -> *const BlsScalar {
&*self.0
}
}

#[test]
fn zeroize() {
let sk = SecretKey::from(BlsScalar::from(42));
let ptr = sk.as_ptr();

// sanity check that the raw pointer points to the correct data
let scalar = unsafe { core::slice::from_raw_parts(ptr, 1)[0] };
assert_eq!(scalar, BlsScalar::from(42));

// drop the struct which should trigger the zeroizing of the memory
drop(sk);

// check that the memory is erased after the struct was dropped
let scalar = unsafe { core::slice::from_raw_parts(ptr, 1)[0] };
assert_eq!(scalar, BlsScalar::zero());
}
}
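Review bot: `impl ZeroizeOnDrop for SecretKey {}` near the end of the hunk is a marker impl only; in the zeroize crate it is the `ZeroizeOnDrop` derive, not the trait, that generates a `Drop`, so as written nothing calls `zeroize()` when a key goes out of scope and the test's `drop(sk)` wipes nothing. Add an explicit `impl Drop for SecretKey { fn drop(&mut self) { self.zeroize(); } }` beside the marker. Inside `zeroize()` the four plain `= 0` stores are ordinary writes the optimizer may treat as dead once the `Box` is about to be freed, which is exactly what the crate's volatile-write-plus-fence implementation exists to prevent; replace them with `self.0 .0.zeroize();` (arrays of `u64` implement `Zeroize`) and delete the commented-out raw-pointer lines. The test then reads the `Box` allocation through `ptr` after `drop(sk)`, which is a use-after-free and undefined behaviour whatever value it happens to observe (Miri rejects it); assert on a live value after an explicit `sk.zeroize()` instead, as sketched below, and remove the `as_ptr` helper.
```rust
impl Zeroize for SecretKey {
    fn zeroize(&mut self) {
        // `[u64; 4]: Zeroize` uses volatile stores plus a compiler fence, so the
        // wipe cannot be dropped as a dead write before the Box is freed.
        self.0 .0.zeroize();
    }
}

impl ZeroizeOnDrop for SecretKey {}

// `ZeroizeOnDrop` is only a marker; the wipe has to be wired to `Drop` explicitly.
impl Drop for SecretKey {
    fn drop(&mut self) {
        self.zeroize();
    }
}

#[cfg(test)]
mod tests {
    use super::{BlsScalar, SecretKey, Zeroize};

    #[test]
    fn zeroize() {
        let mut sk = SecretKey::from(BlsScalar::from(42));
        assert_eq!(*sk.0, BlsScalar::from(42));

        sk.zeroize();

        // Inspect the live value; reading the allocation after `drop` is UB.
        assert_eq!(*sk.0, BlsScalar::zero());
    }
}
```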
2 changes: 2 additions & 0 deletions src/lib.rs
Expand Up @@ -9,6 +9,8 @@
//! Implementation of BLS signatures on the BLS12-381 curve.
//! Reference paper: https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html
extern crate alloc;

mod error;
mod hash;
mod keys;