diff --git a/cfb-mode/Cargo.toml b/cfb-mode/Cargo.toml index 69df7068..ab25b35c 100644 --- a/cfb-mode/Cargo.toml +++ b/cfb-mode/Cargo.toml @@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"] [dependencies] stream-cipher = "0.3" block-cipher-trait = "0.6" +zeroize = { version = "0.9", optional = true } [dev-dependencies] aes = "0.3" diff --git a/cfb-mode/src/lib.rs b/cfb-mode/src/lib.rs index dc614771..0f50602b 100644 --- a/cfb-mode/src/lib.rs +++ b/cfb-mode/src/lib.rs @@ -51,12 +51,20 @@ pub extern crate stream_cipher; extern crate block_cipher_trait; +#[cfg(cargo_feature = "zeroize")] +extern crate zeroize; + use stream_cipher::{StreamCipher, NewStreamCipher, InvalidKeyNonceLength}; use block_cipher_trait::BlockCipher; use block_cipher_trait::generic_array::GenericArray; use block_cipher_trait::generic_array::typenum::Unsigned; use core::slice; +#[cfg(cargo_feature = "zeroize")] +use zeroize::Zeroize; +#[cfg(cargo_feature = "zeroize")] +use std::ops::Drop; + /// CFB self-synchronizing stream cipher instance. pub struct Cfb { cipher: C, @@ -68,6 +76,22 @@ type Block = GenericArray::BlockSize>; type ParBlocks = GenericArray, ::ParBlocks>; type Key = GenericArray::KeySize>; +#[cfg(cargo_feature = "zeroize")] +impl Zeroize for Cfb { + fn zeroize(&mut self) { + self.cipher.zeroize(); + self.iv.zeroize(); + self.pos.zeroize(); + } +} + +#[cfg(cargo_feature = "zeroize")] +impl Drop for Cfb { + fn drop(&mut self) { + self.zeroize(); + } +} + impl NewStreamCipher for Cfb { type KeySize = C::KeySize; type NonceSize = C::BlockSize; diff --git a/cfb8/Cargo.toml b/cfb8/Cargo.toml index b6bf0cbc..7b0a84ab 100644 --- a/cfb8/Cargo.toml +++ b/cfb8/Cargo.toml @@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"] [dependencies] stream-cipher = "0.3" block-cipher-trait = "0.6" +zeroize = { version = "0.9", optional = true } [dev-dependencies] aes = "0.3" diff --git a/cfb8/src/lib.rs b/cfb8/src/lib.rs index 2a7d2dad..b6c28609 100644 --- a/cfb8/src/lib.rs +++ b/cfb8/src/lib.rs @@ -51,17 +51,40 @@ extern crate block_cipher_trait; pub extern crate stream_cipher; +#[cfg(cargo_feature = "zeroize")] +extern crate zeroize; + use stream_cipher::{NewStreamCipher, StreamCipher, InvalidKeyNonceLength}; use block_cipher_trait::BlockCipher; use block_cipher_trait::generic_array::GenericArray; use block_cipher_trait::generic_array::typenum::Unsigned; +#[cfg(cargo_feature = "zeroize")] +use zeroize::Zeroize; +#[cfg(cargo_feature = "zeroize")] +use std::ops::Drop; + /// CFB self-synchronizing stream cipher instance. pub struct Cfb8 { cipher: C, iv: GenericArray, } +#[cfg(cargo_feature = "zeroize")] +impl Zeroize for Cfb8 { + fn zeroize(&mut self) { + self.cipher.zeroize(); + self.iv.zeroize(); + } +} + +#[cfg(cargo_feature = "zeroize")] +impl Drop for Cfb8 { + fn drop(&mut self) { + self.zeroize(); + } +} + impl NewStreamCipher for Cfb8 { type KeySize = C::KeySize; type NonceSize = C::BlockSize; diff --git a/ctr/Cargo.toml b/ctr/Cargo.toml index 59d530f1..266a7d31 100644 --- a/ctr/Cargo.toml +++ b/ctr/Cargo.toml @@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"] [dependencies] stream-cipher = "0.3" block-cipher-trait = "0.6" +zeroize = { version = "0.9", optional = true } [dev-dependencies] aes = "0.3" diff --git a/ctr/src/lib.rs b/ctr/src/lib.rs index 87a984e6..733d6d33 100644 --- a/ctr/src/lib.rs +++ b/ctr/src/lib.rs @@ -41,6 +41,9 @@ pub extern crate stream_cipher; extern crate block_cipher_trait; +#[cfg(cargo_feature = "zeroize")] +extern crate zeroize; + use stream_cipher::{ SyncStreamCipher, SyncStreamCipherSeek, NewStreamCipher, LoopError, InvalidKeyNonceLength @@ -51,6 +54,11 @@ use block_cipher_trait::generic_array::typenum::{U16, Unsigned}; use block_cipher_trait::BlockCipher; use core::{mem, cmp, fmt, ptr}; +#[cfg(cargo_feature = "zeroize")] +use zeroize::Zeroize; +#[cfg(cargo_feature = "zeroize")] +use std::ops::Drop; + #[inline(always)] fn xor(buf: &mut [u8], key: &[u8]) { debug_assert_eq!(buf.len(), key.len()); @@ -76,6 +84,24 @@ pub struct Ctr128 pos: Option, } +#[cfg(cargo_feature = "zeroize")] +impl Zeroize for Ctr128 { + fn zeroize(&mut self) { + self.cipher.zeroize(); + self.nonce.zeroize(); + self.counter.zeroize(); + self.block.zeroize(); + self.pos.zeroize(); + } +} + +#[cfg(cargo_feature = "zeroize")] +impl Drop for Ctr128 { + fn drop(&mut self) { + self.zeroize(); + } +} + impl Ctr128 where C: BlockCipher, diff --git a/ofb/Cargo.toml b/ofb/Cargo.toml index 2dce1f6c..f44015da 100644 --- a/ofb/Cargo.toml +++ b/ofb/Cargo.toml @@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"] [dependencies] stream-cipher = "0.3" block-cipher-trait = "0.6" +zeroize = { version = "0.9", optional = true } [dev-dependencies] aes = "0.3" diff --git a/ofb/src/lib.rs b/ofb/src/lib.rs index 5ccb2ce5..75333969 100644 --- a/ofb/src/lib.rs +++ b/ofb/src/lib.rs @@ -53,6 +53,9 @@ pub extern crate stream_cipher; extern crate block_cipher_trait; +#[cfg(cargo_feature = "zeroize")] +extern crate zeroize; + use stream_cipher::{ SyncStreamCipher, NewStreamCipher, LoopError, InvalidKeyNonceLength, }; @@ -60,6 +63,11 @@ use block_cipher_trait::BlockCipher; use block_cipher_trait::generic_array::GenericArray; use block_cipher_trait::generic_array::typenum::Unsigned; +#[cfg(cargo_feature = "zeroize")] +use zeroize::Zeroize; +#[cfg(cargo_feature = "zeroize")] +use std::ops::Drop; + type Block = GenericArray::BlockSize>; /// OFB self-synchronizing stream cipher instance. @@ -69,6 +77,22 @@ pub struct Ofb { pos: usize, } +#[cfg(cargo_feature = "zeroize")] +impl Zeroize for Cfb8 { + fn zeroize(&mut self) { + self.cipher.zeroize(); + self.block.zeroize(); + self.pos.zeroize(); + } +} + +#[cfg(cargo_feature = "zeroize")] +impl Drop for Cfb8 { + fn drop(&mut self) { + self.zeroize(); + } +} + impl NewStreamCipher for Ofb { type KeySize = C::KeySize; type NonceSize = C::BlockSize; @@ -131,4 +155,3 @@ fn xor(buf1: &mut [u8], buf2: &[u8]) { *a ^= *b; } } -