From a6f4eeb2a693d39ab544120a3f74243ef8e55c34 Mon Sep 17 00:00:00 2001 From: OG Date: Mon, 22 May 2023 12:47:46 +0300 Subject: [PATCH 1/2] Feat: Add ability to set a zeroizable array with an initial value in one go Fix: Update the mothods in `keygen` module to use this new api --- src/keygen.rs | 5 +++-- src/zeroizable_arrays.rs | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/src/keygen.rs b/src/keygen.rs index 64d0ab9..890eec8 100644 --- a/src/keygen.rs +++ b/src/keygen.rs @@ -92,7 +92,8 @@ mod keymaker { Err(_) => return Err(MemSecurityErr::EncryptionErr) } - let ciphertext = ZeroizeBytesArray::with_additional_capacity(TAG_LENGTH).set(buffer); + let ciphertext = + ZeroizeBytesArray::with_additional_capacity(TAG_LENGTH).set_bytes_mut(buffer); self.add_ciphertext(ciphertext); @@ -112,7 +113,7 @@ mod keymaker { b"", &mut buffer, ) { - Ok(_) => Ok(ZeroizeBytesArray::new().set(buffer)), + Ok(_) => Ok(ZeroizeBytesArray::new().set_bytes_mut(buffer)), Err(_) => { buffer.fill(0); // Zero out the partially decrypted plaintext drop(buffer); // Drop the partially leaked plaintext diff --git a/src/zeroizable_arrays.rs b/src/zeroizable_arrays.rs index 27e6963..05de24c 100644 --- a/src/zeroizable_arrays.rs +++ b/src/zeroizable_arrays.rs 
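Review bot: The `Ok(_)` arm of the decrypt match (hunk at -112) hands the decrypted plaintext in `buffer` to `set_bytes_mut` without wiping it, while the `Err(_)` arm beside it calls `buffer.fill(0)` before dropping. As defined in `src/zeroizable_arrays.rs` in this same patch, `set_bytes_mut` copies with `self.0.put(&value[..])` and then lets `value` drop, so the source allocation is freed with the plaintext still in it. Either wipe the source inside `set_bytes_mut` after the copy (declare `mut value: BytesMut` and add `value.fill(0);`, or use a wipe the optimizer cannot elide), or move the `BytesMut` into the wrapper instead of copying it. The ciphertext call in the hunk at -92 takes the same path but holds less sensitive data. Both enclosing functions start and end outside the hunks.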
@@ -116,8 +116,24 @@ impl ZeroizeBytesArray { ZeroizeBytesArray(BytesMut::with_capacity(N)) } + /// Initialize the array and set the internal value of the array to the value specified by method argument + pub fn new_with_data(value: [u8; N]) -> Self { + let mut value_bytes = BytesMut::with_capacity(N); + + value_bytes.put(&value[..]); + + ZeroizeBytesArray(value_bytes) + } + /// Set the internal value of the array to the value specified by method argument - pub fn set(mut self, value: BytesMut) -> Self { + pub fn set(mut self, value: [u8; N]) -> Self { + self.0.put(&value[..]); + + self + } + + /// Set the internal value of the array to the value specified by method argument value which is a `BytesMut` + pub fn set_bytes_mut(mut self, value: BytesMut) -> Self { self.0.put(&value[..]); self @@ -197,6 +213,21 @@ impl ZeroizeBytes { ZeroizeBytes(BytesMut::new()) } + /// Initialize the array and set the internal value of the array to the value specified by method argument + pub fn new_with_data(value: &[u8]) -> Self { + let mut value_bytes = BytesMut::new(); + value_bytes.put(&value[..]); + + ZeroizeBytes(value_bytes) + } + + /// Set the internal value of the array to the value specified by method argument value which is a `BytesMut` + pub fn set_bytes_mut(mut self, value: BytesMut) -> Self { + self.0.put(&value[..]); + + self + } + /// Sets the internal value to the new value pub fn set(&mut self, value: BytesMut) -> &mut Self { self.0.put(&value[..]); From b418d65094e8cb0a525f772fd0ee091eabe5c252 Mon Sep 17 00:00:00 2001 From: OG Date: Mon, 22 May 2023 12:49:07 +0300 Subject: [PATCH 2/2] Feat: Bump up to new version --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index bdd05f8..2bc52fe 100644 --- a/Cargo.toml +++ b/Cargo.toml 
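Review bot: `new_with_data(value: [u8; N])` and the new `set(mut self, value: [u8; N])` take the secret as a by-value array, which is `Copy`. The caller's array stays live and the parameter copy in these functions is not cleared after the `put`, so the bytes outlive the zeroizing wrapper. Taking `value: &mut [u8; N]` and clearing it after the copy, or at least documenting that the caller must wipe its own array, would keep the guarantee the crate advertises. Separately, `set` appends with `put` rather than replacing, so calling it on an array that already holds N bytes presumably grows the `BytesMut` past its `with_capacity(N)` allocation and may leave the old buffer unwiped on reallocation; `self.0.clear();` before the `put` would avoid that. Changing `set` from `BytesMut` to `[u8; N]` also breaks existing callers, which the 1.0.0 to 1.2.0 bump in patch 2/2 does not signal; the impl block continues outside the hunk.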
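Review bot: In the `ZeroizeBytes` hunk, the new `set_bytes_mut(mut self, value: BytesMut)` has the same body as the existing `set(&mut self, value: BytesMut)` just below it, differing only in the receiver. `set` also now takes different inputs on the two types: an array on `ZeroizeBytesArray`, a `BytesMut` here. The doc comment should say so, for example `/// Consuming (builder-style) form of set: appends value to the current contents`. The `new_with_data` doc comment says "Initialize the array" although this is the unsized type. In its body, `value_bytes.put(&value[..])` can be `value_bytes.put(value)` because `value` is already `&[u8]`, and `BytesMut::with_capacity(value.len())` would size the buffer once instead of growing it during the copy.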
@@ -1,6 +1,6 @@ [package] name = "memsecurity" -version = "1.0.0" +version = "1.2.0" authors = ["448 ENGINEERING DESIGN DEVELOPERS "] license = "Apache-2.0 OR MIT" description = "Securely hold secrets in memory and protect them against cross-protection-boundary readout via microarchitectural, via attacks on physical layout, and via coldboot attacks."