From 59a1957b9d4a450cd3879bb8a8fc525eba3515a6 Mon Sep 17 00:00:00 2001 From: stringhandler Date: Sun, 27 Aug 2023 14:37:43 +0200 Subject: [PATCH] more zeroizing --- src/extended_range_proof.rs | 19 +++++++++++++++++-- .../pedersen/extended_commitment_factory.rs | 8 +++----- src/ristretto/ristretto_keys.rs | 6 ------ 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/src/extended_range_proof.rs b/src/extended_range_proof.rs index 7850dc25..2e9ceb70 100644 --- a/src/extended_range_proof.rs +++ b/src/extended_range_proof.rs @@ -4,6 +4,7 @@ //! Extended range proofs use std::{string::ToString, vec::Vec}; +use zeroize::Zeroize; use crate::{ commitment::{ExtensionDegree, HomomorphicCommitment}, @@ -99,13 +100,19 @@ pub trait ExtendedRangeProofService { /// Extended blinding factor vector used as part of the witness to construct an extended proof, or rewind data /// extracted from a range proof containing the mask (e.g. blinding factor vector). -#[derive(Debug, Clone, PartialEq, Eq)] +#[derive(Debug, Clone, PartialEq, Eq, Zeroize)] pub struct ExtendedMask where K: SecretKey { secrets: Vec, } +impl Drop for ExtendedMask{ + fn drop(&mut self) { + self.secrets.zeroize(); + } +} + impl ExtendedMask where K: SecretKey { @@ -200,7 +207,7 @@ where PK: PublicKey /// The extended witness contains the extended mask (blinding factor vector), value and a minimum value /// promise; this will be used to construct the extended range proof -#[derive(Clone)] +#[derive(Clone, Zeroize)] pub struct ExtendedWitness where K: SecretKey { @@ -212,6 +219,14 @@ where K: SecretKey pub minimum_value_promise: u64, } +impl Drop for ExtendedWitness{ + fn drop(&mut self) { + self.mask.zeroize(); + self.value.zeroize(); + self.minimum_value_promise.zeroize(); + } +} + impl ExtendedWitness where K: SecretKey { diff --git a/src/ristretto/pedersen/extended_commitment_factory.rs b/src/ristretto/pedersen/extended_commitment_factory.rs index c7e938eb..e7663013 100644 
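Review bot: The hand-written `Drop` for `ExtendedMask` in the `@@ -99,13 +100,19 @@` hunk wipes only the one field it names, so a secret-bearing field added later is dropped unwiped unless someone also extends `drop`. If the zeroize version in use ships the derive, `#[derive(Debug, Clone, PartialEq, Eq, Zeroize, ZeroizeOnDrop)]` would replace the manual impl and cover every field. Either way, zeroizing a `Vec` reaches only its current allocation, not buffers freed by earlier growth. A doc line on the struct should say so, e.g. `/// Zeroized on drop; buffers released by earlier Vec reallocation are not covered.`. The generic parameters appear to have been stripped from this page, so the `impl` header itself cannot be checked here.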
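Review bot: Implementing `Drop` for `ExtendedWitness` in the `@@ -212,6 +219,14 @@` hunk means fields can no longer be moved out of a witness. The struct exposes at least `pub minimum_value_promise`, and `mask` and `value` are presumably public too, though their declarations lie outside the hunk. Any caller that destructures the struct or takes `witness.mask` by value will now fail with E0509 and will likely fall back to cloning the mask, which creates one more copy of the secret to track. That behaviour change deserves a doc line on the struct, e.g. `/// Implements Drop (zeroizes all fields); fields cannot be moved out, borrow them instead.`. The `self.mask.zeroize();` call is also redundant with the `Drop` added to `ExtendedMask` earlier in this patch, which is harmless but means the wipe logic now lives in two places.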
--- a/src/ristretto/pedersen/extended_commitment_factory.rs +++ b/src/ristretto/pedersen/extended_commitment_factory.rs @@ -4,7 +4,7 @@ //! Extended commitments are commitments that have more than one blinding factor. use alloc::vec::Vec; -use core::{borrow::Borrow, iter::once}; +use core::{iter::once}; use curve25519_dalek::{ ristretto::{CompressedRistretto, RistrettoPoint}, @@ -90,8 +90,6 @@ impl ExtendedPedersenCommitmentFactory { value: &Scalar, blinding_factors: &[Scalar], ) -> Result - where - for<'a> &'a Scalar: Borrow, { if blinding_factors.is_empty() || blinding_factors.len() > self.extension_degree as usize { Err(CommitmentError::CommitmentExtensionDegree { @@ -106,13 +104,13 @@ impl ExtendedPedersenCommitmentFactory { } #[cfg(not(feature = "precomputed_tables"))] { - let scalars = once(value).chain(blinding_factors); + let scalars = once(value).chain(blinding_factors.iter()); let g_base_head = self.g_base_vec.iter().take(blinding_factors.len()); let points = once(&self.h_base).chain(g_base_head); Ok(RistrettoPoint::multiscalar_mul(scalars, points)) } } else { - let scalars = once(value).chain(blinding_factors); + let scalars = once(value).chain(blinding_factors.iter()); let g_base_head = self.g_base_vec.iter().take(blinding_factors.len()); let points = once(&self.h_base).chain(g_base_head); Ok(RistrettoPoint::multiscalar_mul(scalars, points)) diff --git a/src/ristretto/ristretto_keys.rs b/src/ristretto/ristretto_keys.rs index 6a53b287..a6951202 100644 --- a/src/ristretto/ristretto_keys.rs +++ b/src/ristretto/ristretto_keys.rs @@ -214,12 +214,6 @@ impl From for RistrettoSecretKey { } } -impl From for RistrettoSecretKey { - fn from(s: Scalar) -> Self { - RistrettoSecretKey(s) - } -} - //--------------------------------------------- Borrow impl -------------------------------------------------// impl<'a> Borrow for &'a RistrettoSecretKey {
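Review bot: The rewritten import in the `@@ -4,7 +4,7 @@` hunk keeps braces around a single item, `use core::{iter::once};`. rustfmt normally collapses a one-element use list, so a format check in CI may reject the line. Write it as `use core::iter::once;`.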
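Review bot: Nothing in the `@@ -106,13 +104,13 @@` hunk records that `value` and `blinding_factors` are secret scalars and that the constant-time `multiscalar_mul` is therefore the required call. The same three lines appear in both the `#[cfg(not(feature = "precomputed_tables"))]` block and the `else` branch, which is why `.chain(blinding_factors.iter())` had to be edited twice. A later edit could swap one copy to a variable-time variant unnoticed, so each call should carry `// Scalars are secret: keep the constant-time multiscalar_mul, never the vartime variant.`. The enclosing function starts and ends outside the hunk, so the full branch structure is not visible here.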