From e767312a21655183eec230d8ab0ecf6882cf2133 Mon Sep 17 00:00:00 2001
From: Alexander Wagner
Date: Tue, 23 May 2023 15:10:15 +0200
Subject: [PATCH] ascon: Add Drop & ZeroizeOnDrop for State (#57)

Not zeroizing the state allows to recover any squeezed output. This is because the `ascon` permutations can be inversed. Hence, access to the complete state allows to perform this operation.
---
 ascon/Cargo.toml | 5 ++++-
 ascon/src/lib.rs | 16 ++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/ascon/Cargo.toml b/ascon/Cargo.toml
index a6bef36..e9a2a1a 100644
--- a/ascon/Cargo.toml
+++ b/ascon/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ascon"
-version = "0.3.1"
+version = "0.4.0-pre"
 description = "Pure rust implementation of the Ascon permutation"
 authors = [
     "Sebastian Ramacher ",
@@ -15,6 +15,9 @@
 readme = "README.md"
 edition = "2021"
 rust-version = "1.56"
 
+[dependencies]
+zeroize = { version = "1.6.0", default-features = false, optional=true }
+
 [features]
 no_unroll = [] # Do not unroll loops for binary size reduction
diff --git a/ascon/src/lib.rs b/ascon/src/lib.rs
index e2d5bda..8719203 100644
--- a/ascon/src/lib.rs
+++ b/ascon/src/lib.rs
@@ -12,6 +12,8 @@
 #![warn(missing_docs)]
 
 use core::mem::size_of;
+#[cfg(feature = "zeroize")]
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 /// Produce mask for padding.
 #[inline(always)]
@@ -28,7 +30,7 @@ const fn round_constant(round: u64) -> u64 {
 /// The state of Ascon's permutation.
 ///
 /// The permutation operates on a state of 320 bits represented as 5 64 bit words.
-#[derive(Clone, Copy, Debug, Default)]
+#[derive(Clone, Debug, Default)]
 pub struct State {
     x: [u64; 5],
 }
@@ -262,6 +264,16 @@ impl AsRef<[u64]> for State {
     }
 }
 
+#[cfg(feature = "zeroize")]
+impl Drop for State {
+    fn drop(&mut self) {
+        self.x.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl ZeroizeOnDrop for State {}
+
 #[cfg(test)]
 mod tests {
     use super::*;
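Review bot: The optional `zeroize` dependency silently creates an implicit `zeroize` cargo feature, but the `[features]` table right below it neither lists nor documents it, so a reader of the manifest cannot tell that the feature exists or that it changes `State`'s drop behaviour. Because `rust-version = "1.56"` predates the `dep:` feature syntax the implicit feature is the right mechanism, but a comment next to `no_unroll` would help: `# zeroize: implicit feature of the optional dependency above; wipes State on drop`. Also worth checking before release: zeroize 1.6 raised its MSRV above 1.56 as far as I recall, so enabling the feature on the declared minimum toolchain may fail to build, and either `rust-version` should be bumped or the version requirement lowered if an older zeroize suffices. Style nit: `optional=true` should be `optional = true` to match the spacing of the other keys.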
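Review bot: Removing `Copy` from `State` is an unconditional API break for every user, feature enabled or not (code like `let s2 = state;` followed by further use of `state` stops compiling), and the doc comment above the derive says nothing about it nor about the fact that `Clone` still duplicates the secret state. Since a `Drop` type cannot be `Copy`, the removal is forced by the next hunk and keeping it unconditional is correct (feature-dependent APIs are worse), but the reason belongs in the docs: `/// Deliberately not Copy: with the zeroize feature each value is wiped on drop, and implicit copies would defeat that; clone() yields an independent copy that is wiped on its own.` The version bump to 0.4.0-pre already signals the break; a changelog entry naming the dropped `Copy` impl is the other thing missing from this commit.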
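Review bot: The new `Drop` impl wipes `x` on drop, but `State` itself does not implement `Zeroize`, so a caller that embeds a `State` in a longer-lived struct, or wants to wipe it after rekeying without dropping it, has no way to zeroize it explicitly, and wrapper types cannot delegate their own `Zeroize` to it. I would add `#[cfg(feature = "zeroize")] impl Zeroize for State { fn zeroize(&mut self) { self.x.zeroize(); } }` and make `drop` call `self.zeroize()`, the usual pattern for `ZeroizeOnDrop` types. The guarantee is also best-effort and should say so on the impl: the derive of `Clone` and by-value moves may leave other copies of the state in memory that this code never touches, so a comment such as `// Only this storage location is wiped; moved-from and cloned copies are not.` would stop readers from assuming more than the commit message's threat model (inverting the permutation from a leaked full state) actually covers.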
@@ -378,7 +390,7 @@ mod tests {
             0xabcdef0123456789,
             0x89abcdef01234567,
         );
-        let mut state2 = state;
+        let mut state2 = state.clone();
         state.permute_6();
         state2.permute_n(6);