From 1d46e9571ff6ef13e6e25e2feb0eb55139ae190f Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Sun, 12 Nov 2023 09:14:59 -0500 Subject: [PATCH 1/9] Implement Zeroize for SHA 1..=3 and Blake2 --- Cargo.lock | 52 +++++++++++++++++++++++++++++++++++++++ blake2/Cargo.toml | 4 ++- blake2/src/macros.rs | 18 ++++++++++++-- blake2/src/simd/simdty.rs | 5 ++++ sha1/Cargo.toml | 4 ++- sha1/src/lib.rs | 14 +++++++++++ sha2/Cargo.toml | 4 ++- sha2/src/core_api.rs | 41 ++++++++++++++++++++++++++++-- sha3/src/state.rs | 9 ++++++- 9 files changed, 143 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b676d7157..85973249d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8,6 +8,7 @@ version = "0.10.6" dependencies = [ "digest", "hex-literal", + "zeroize", ] [[package]] @@ -188,6 +189,24 @@ version = "0.5.20+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" +[[package]] +name = "proc-macro2" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +dependencies = [ + "proc-macro2", +] + [[package]] name = "ripemd" version = "0.1.3" @@ -205,6 +224,7 @@ dependencies = [ "digest", "hex-literal", "sha1-asm", + "zeroize", ] [[package]] @@ -225,6 +245,7 @@ dependencies = [ "digest", "hex-literal", "sha2-asm", + "zeroize", ] [[package]] 
@@ -276,6 +297,17 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "syn" +version = "2.0.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + [[package]] name = "tiger" version = "0.2.1" @@ -290,6 +322,12 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + [[package]] name = "version_check" version = "0.9.4" @@ -319,3 +357,17 @@ name = "zeroize" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index adb06e061..8332d500f 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -13,6 +13,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = { version = "0.10.7", features = ["mac"] } +zeroize = { version = "1", features = ["derive"], optional = true } [dev-dependencies] digest = { version = "0.10.7", features = ["dev"] } 
@@ -20,9 +21,10 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std"] +std = ["digest/std", "zeroize?/std"] reset = [] # Enable reset functionality simd = [] simd_opt = ["simd"] simd_asm = ["simd_opt"] size_opt = [] # Optimize for code size. Removes some `inline(always)` +zeroize = ["dep:zeroize"] # Implement Zeroize for Digest implementors diff --git a/blake2/src/macros.rs b/blake2/src/macros.rs index 917a212c8..2049cbd6d 100644 --- a/blake2/src/macros.rs +++ b/blake2/src/macros.rs @@ -9,7 +9,7 @@ macro_rules! blake2_impl { pub struct $name { h: [$vec; 2], t: u64, - #[cfg(feature = "reset")] + #[cfg(any(feature = "reset", feature = "zeroize"))] h0: [$vec; 2], } @@ -86,7 +86,7 @@ macro_rules! blake2_impl { Self::iv1() ^ $vec::new(p[4], p[5], p[6], p[7]), ]; $name { - #[cfg(feature = "reset")] + #[cfg(any(feature = "reset", feature = "zeroize"))] h0: h.clone(), h, t: 0, @@ -243,6 +243,20 @@ macro_rules! blake2_impl { } } + #[cfg(feature = "zeroize")] + impl zeroize::Zeroize for $name { + fn zeroize(&mut self) { + self.h.zeroize(); + self.t.zeroize(); + + // Because the hasher is now in an invalid state, restore the starting state + // This makes Zeroize equivalent to reset *yet using a zero-write the compiler + // hopefully shouldn't be able to optimize out* + // The following lines may be optimized out if no further use occurs, which is fine + self.h = self.h0; + } + } + impl fmt::Debug for $name { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str(concat!(stringify!($name), " { ... }")) diff --git a/blake2/src/simd/simdty.rs b/blake2/src/simd/simdty.rs index 008b8b48c..5433c84e7 100644 --- a/blake2/src/simd/simdty.rs +++ b/blake2/src/simd/simdty.rs @@ -7,6 +7,9 @@ #![allow(dead_code, non_camel_case_types)] +#[cfg(feature = "zeroize")] +use zeroize::Zeroize; + use crate::as_bytes::Safe; #[cfg(feature = "simd")] 
@@ -14,6 +17,7 @@ macro_rules! decl_simd { ($($decl:item)*) => { $( #[derive(Clone, Copy, Debug)] + #[cfg_attr(feature = "zeroize", derive(Zeroize))] #[repr(simd)] $decl )* @@ -25,6 +29,7 @@ macro_rules! decl_simd { ($($decl:item)*) => { $( #[derive(Clone, Copy, Debug)] + #[cfg_attr(feature = "zeroize", derive(Zeroize))] #[repr(C)] $decl )* diff --git a/sha1/Cargo.toml b/sha1/Cargo.toml index 3f4b8d3ff..672d87464 100644 --- a/sha1/Cargo.toml +++ b/sha1/Cargo.toml @@ -14,6 +14,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = "0.10.7" cfg-if = "1.0" +zeroize = { version = "1", optional = true } [target.'cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))'.dependencies] cpufeatures = "0.2" @@ -25,7 +26,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std"] +std = ["digest/std", "zeroize?/std"] oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57 asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crates # Use assembly backend for LoongArch64 targets @@ -33,6 +34,7 @@ asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crat loongarch64_asm = [] compress = [] # Expose compress function force-soft = [] # Force software implementation +zeroize = ["dep:zeroize"] # Implement Zeroize for Digest implementors [package.metadata.docs.rs] all-features = true diff --git a/sha1/src/lib.rs b/sha1/src/lib.rs index 25e867e0f..e5f935388 100644 --- a/sha1/src/lib.rs +++ b/sha1/src/lib.rs 
@@ -150,6 +150,20 @@ impl AlgorithmName for Sha1Core { } } +#[cfg(feature = "zeroize")] +impl zeroize::Zeroize for Sha1Core { + fn zeroize(&mut self) { + self.h.zeroize(); + self.block_len.zeroize(); + + // Because the hasher is now in an invalid state, restore the starting state + // This makes Zeroize equivalent to reset *yet using a zero-write the compiler hopefully + // shouldn't be able to optimize out* + // The following lines may be optimized out if no further use occurs, which is fine + self.h = Self::default().h; + } +} + impl fmt::Debug for Sha1Core { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("Sha1Core { ... }") diff --git a/sha2/Cargo.toml b/sha2/Cargo.toml index a3dafeaa2..6ab7f5e23 100644 --- a/sha2/Cargo.toml +++ b/sha2/Cargo.toml @@ -17,6 +17,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = "0.10.7" cfg-if = "1.0" +zeroize = { version = "1", optional = true } [target.'cfg(any(target_arch = "aarch64", target_arch = "x86_64", target_arch = "x86"))'.dependencies] cpufeatures = "0.2" @@ -28,7 +29,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std"] +std = ["digest/std", "zeroize?/std"] oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57 asm = ["sha2-asm"] # WARNING: this feature SHOULD NOT be enabled by library crates # Use assembly backend for LoongArch64 targets @@ -37,6 +38,7 @@ loongarch64_asm = [] compress = [] # Expose compress functions force-soft = [] # Force software implementation asm-aarch64 = ["asm"] # DEPRECATED: use `asm` instead +zeroize = ["dep:zeroize"] # Implement Zeroize for Digest implementors [package.metadata.docs.rs] all-features = true diff --git a/sha2/src/core_api.rs b/sha2/src/core_api.rs index cfec02a64..e15f3a869 100644 --- a/sha2/src/core_api.rs +++ b/sha2/src/core_api.rs 
@@ -16,6 +16,8 @@ use digest::{ /// i.e. 224 and 256 bits respectively. #[derive(Clone)] pub struct Sha256VarCore { + #[cfg(feature = "zeroize")] + output_size: usize, state: consts::State256, block_len: u64, } @@ -53,7 +55,12 @@ impl VariableOutputCore for Sha256VarCore { _ => return Err(InvalidOutputSize), }; let block_len = 0; - Ok(Self { state, block_len }) + Ok(Self { + #[cfg(feature = "zeroize")] + output_size, + state, + block_len, + }) } #[inline] @@ -75,6 +82,20 @@ impl AlgorithmName for Sha256VarCore { } } +#[cfg(feature = "zeroize")] +impl zeroize::Zeroize for Sha256VarCore { + fn zeroize(&mut self) { + self.state.zeroize(); + self.block_len.zeroize(); + + // Because the hasher is now in an invalid state, restore the starting state + // This makes Zeroize equivalent to reset *yet using a zero-write the compiler hopefully + // shouldn't be able to optimize out* + // The following lines may be optimized out if no further use occurs, which is fine + self.state = Self::new(self.output_size).unwrap().state; + } +} + impl fmt::Debug for Sha256VarCore { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { @@ -88,6 +109,8 @@ impl fmt::Debug for Sha256VarCore { /// i.e. 224, 256, 384, and 512 bits respectively. #[derive(Clone)] pub struct Sha512VarCore { + #[cfg(feature = "zeroize")] + output_size: usize, state: consts::State512, block_len: u128, } @@ -127,7 +150,12 @@ impl VariableOutputCore for Sha512VarCore { _ => return Err(InvalidOutputSize), }; let block_len = 0; - Ok(Self { state, block_len }) + Ok(Self { + #[cfg(feature = "zeroize")] + output_size, + state, + block_len, + }) } #[inline] 
@@ -149,6 +177,15 @@ impl AlgorithmName for Sha512VarCore { } } +#[cfg(feature = "zeroize")] +impl zeroize::Zeroize for Sha512VarCore { + fn zeroize(&mut self) { + self.state.zeroize(); + self.block_len.zeroize(); + self.state = Self::new(self.output_size).unwrap().state; + } +} + impl fmt::Debug for Sha512VarCore { #[inline] fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { diff --git a/sha3/src/state.rs b/sha3/src/state.rs index ce3785f75..2309ceaba 100644 --- a/sha3/src/state.rs +++ b/sha3/src/state.rs @@ -20,10 +20,17 @@ impl Default for Sha3State { } } +#[cfg(feature = "zeroize")] +impl Zeroize for Sha3State { + fn zeroize(&mut self) { + self.state.zeroize(); + } +} + #[cfg(feature = "zeroize")] impl Drop for Sha3State { fn drop(&mut self) { - self.state.zeroize(); + self.zeroize(); } } From 2db62e9c91aa69171ccdc3b8465d5fd73af44643 Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Sun, 12 Nov 2023 09:21:10 -0500 Subject: [PATCH 2/9] zeroize default-features = false, correct sha2 msrv handling --- blake2/Cargo.toml | 2 +- sha1/Cargo.toml | 2 +- sha2/Cargo.toml | 6 +++--- sha2/src/core_api.rs | 4 ++-- sha3/Cargo.toml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index 8332d500f..0ec9cbfe9 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -13,7 +13,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = { version = "0.10.7", features = ["mac"] } -zeroize = { version = "1", features = ["derive"], optional = true } +zeroize = { version = "1", default-features = false, features = ["derive"], optional = true } [dev-dependencies] digest = { version = "0.10.7", features = ["dev"] } diff --git a/sha1/Cargo.toml b/sha1/Cargo.toml index 672d87464..d4fede53c 100644 --- a/sha1/Cargo.toml +++ b/sha1/Cargo.toml 
@@ -14,7 +14,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = "0.10.7" cfg-if = "1.0" -zeroize = { version = "1", optional = true } +zeroize = { version = "1", default-features = false, optional = true } [target.'cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))'.dependencies] cpufeatures = "0.2" diff --git a/sha2/Cargo.toml b/sha2/Cargo.toml index 6ab7f5e23..97f572276 100644 --- a/sha2/Cargo.toml +++ b/sha2/Cargo.toml @@ -17,7 +17,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = "0.10.7" cfg-if = "1.0" -zeroize = { version = "1", optional = true } +zeroize_crate = { package = "zeroize", version = "1", default-features = false, optional = true } [target.'cfg(any(target_arch = "aarch64", target_arch = "x86_64", target_arch = "x86"))'.dependencies] cpufeatures = "0.2" @@ -29,7 +29,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std", "zeroize?/std"] +std = ["digest/std", "zeroize_crate?/std"] oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57 asm = ["sha2-asm"] # WARNING: this feature SHOULD NOT be enabled by library crates # Use assembly backend for LoongArch64 targets @@ -38,7 +38,7 @@ loongarch64_asm = [] compress = [] # Expose compress functions force-soft = [] # Force software implementation asm-aarch64 = ["asm"] # DEPRECATED: use `asm` instead -zeroize = ["dep:zeroize"] # Implement Zeroize for Digest implementors +zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors [package.metadata.docs.rs] all-features = true diff --git a/sha2/src/core_api.rs b/sha2/src/core_api.rs index e15f3a869..6027f217b 100644 --- a/sha2/src/core_api.rs +++ b/sha2/src/core_api.rs @@ -83,7 +83,7 @@ impl AlgorithmName for Sha256VarCore { } #[cfg(feature = "zeroize")] -impl zeroize::Zeroize for Sha256VarCore { +impl zeroize_crate::Zeroize for Sha256VarCore { fn zeroize(&mut self) { self.state.zeroize(); self.block_len.zeroize(); 
@@ -178,7 +178,7 @@ impl AlgorithmName for Sha512VarCore { } #[cfg(feature = "zeroize")] -impl zeroize::Zeroize for Sha512VarCore { +impl zeroize_crate::Zeroize for Sha512VarCore { fn zeroize(&mut self) { self.state.zeroize(); self.block_len.zeroize(); diff --git a/sha3/Cargo.toml b/sha3/Cargo.toml index 652630b5d..a31179852 100644 --- a/sha3/Cargo.toml +++ b/sha3/Cargo.toml @@ -26,7 +26,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std"] +std = ["digest/std", "zeroize?/std"] asm = ["keccak/asm"] # Enable ASM (currently ARMv8 only). WARNING: Bumps MSRV to 1.59 oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57 From bef65916b86b19485a9921b29530a44103dec305 Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Sun, 12 Nov 2023 09:25:34 -0500 Subject: [PATCH 3/9] Remove use of derive in blake2 Enables using zeroize with a distinct name, enables cleanly working around msrv requirements. --- Cargo.lock | 49 --------------------------------------- blake2/Cargo.toml | 6 ++--- blake2/src/macros.rs | 2 +- blake2/src/simd/simdty.rs | 15 ++++++++---- 4 files changed, 14 insertions(+), 58 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 85973249d..7df1459f9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -189,24 +189,6 @@ version = "0.5.20+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" -[[package]] -name = "proc-macro2" -version = "1.0.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" -dependencies = [ - "proc-macro2", -] - [[package]] name = "ripemd" version = "0.1.3" 
@@ -297,17 +279,6 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" -[[package]] -name = "syn" -version = "2.0.39" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - [[package]] name = "tiger" version = "0.2.1" @@ -322,12 +293,6 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" -[[package]] -name = "unicode-ident" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" - [[package]] name = "version_check" version = "0.9.4" @@ -357,17 +322,3 @@ name = "zeroize" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" -dependencies = [ - "zeroize_derive", -] - -[[package]] -name = "zeroize_derive" -version = "1.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index 0ec9cbfe9..e71ed98fe 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -13,7 +13,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = { version = "0.10.7", features = ["mac"] } -zeroize = { version = "1", default-features = false, features = ["derive"], optional = true } +zeroize_crate = { package = "zeroize", version = "1", default-features = false, optional = true } [dev-dependencies] digest = { version = "0.10.7", features = ["dev"] } 
@@ -21,10 +21,10 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std", "zeroize?/std"] +std = ["digest/std", "zeroize_crate?/std"] reset = [] # Enable reset functionality simd = [] simd_opt = ["simd"] simd_asm = ["simd_opt"] size_opt = [] # Optimize for code size. Removes some `inline(always)` -zeroize = ["dep:zeroize"] # Implement Zeroize for Digest implementors +zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors diff --git a/blake2/src/macros.rs b/blake2/src/macros.rs index 2049cbd6d..1ae916798 100644 --- a/blake2/src/macros.rs +++ b/blake2/src/macros.rs @@ -244,7 +244,7 @@ macro_rules! blake2_impl { } #[cfg(feature = "zeroize")] - impl zeroize::Zeroize for $name { + impl zeroize_crate::Zeroize for $name { fn zeroize(&mut self) { self.h.zeroize(); self.t.zeroize(); diff --git a/blake2/src/simd/simdty.rs b/blake2/src/simd/simdty.rs index 5433c84e7..cfa5f1434 100644 --- a/blake2/src/simd/simdty.rs +++ b/blake2/src/simd/simdty.rs @@ -7,9 +7,6 @@ #![allow(dead_code, non_camel_case_types)] -#[cfg(feature = "zeroize")] -use zeroize::Zeroize; - use crate::as_bytes::Safe; #[cfg(feature = "simd")] @@ -17,7 +14,6 @@ macro_rules! decl_simd { ($($decl:item)*) => { $( #[derive(Clone, Copy, Debug)] - #[cfg_attr(feature = "zeroize", derive(Zeroize))] #[repr(simd)] $decl )* @@ -29,7 +25,6 @@ macro_rules! decl_simd { ($($decl:item)*) => { $( #[derive(Clone, Copy, Debug)] - #[cfg_attr(feature = "zeroize", derive(Zeroize))] #[repr(C)] $decl )* @@ -55,6 +50,16 @@ decl_simd! { pub T, pub T, pub T, pub T); } +#[cfg(feature = "zeroize")] +impl zeroize_crate::Zeroize for Simd4 { + fn zeroize(&mut self) { + self.0.zeroize(); + self.1.zeroize(); + self.2.zeroize(); + self.3.zeroize(); + } +} + pub type u64x2 = Simd2; pub type u32x4 = Simd4; From 3352f416c6f3c7921121d5115b16b95b21e9c6ff Mon Sep 17 00:00:00 2001 
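Review bot: The hand-written `Zeroize` impl at the end of this hunk covers only `Simd4`, while the declaration block it sits under also defines `Simd2` (the `u64x2` alias two lines below); mirroring the impl for `Simd2` (`self.0.zeroize(); self.1.zeroize();`) keeps the two vector types consistent so that a future `$vec` choice does not compile only without the feature. Lane-by-lane zeroization is correct here because each call goes through `zeroize`'s own write path, but nothing in the file says why the derive was abandoned; a one-line comment such as `// Hand-written rather than derived: the derive feature pulls proc-macro crates into the build (see Cargo.lock)` would preserve the reasoning from this patch's message for the next reader.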
From: Luke Parker Date: Sun, 12 Nov 2023 09:27:47 -0500 Subject: [PATCH 4/9] sha1 msrv fix --- sha1/Cargo.toml | 6 +++--- sha1/src/lib.rs | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sha1/Cargo.toml b/sha1/Cargo.toml index d4fede53c..700b24297 100644 --- a/sha1/Cargo.toml +++ b/sha1/Cargo.toml @@ -14,7 +14,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = "0.10.7" cfg-if = "1.0" -zeroize = { version = "1", default-features = false, optional = true } +zeroize_crate = { package = "zeroize", version = "1", default-features = false, optional = true } [target.'cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))'.dependencies] cpufeatures = "0.2" @@ -26,7 +26,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std", "zeroize?/std"] +std = ["digest/std", "zeroize_crate?/std"] oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57 asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crates # Use assembly backend for LoongArch64 targets @@ -34,7 +34,7 @@ asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crat loongarch64_asm = [] compress = [] # Expose compress function force-soft = [] # Force software implementation -zeroize = ["dep:zeroize"] # Implement Zeroize for Digest implementors +zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors [package.metadata.docs.rs] all-features = true diff --git a/sha1/src/lib.rs b/sha1/src/lib.rs index e5f935388..f2bd5f2d8 100644 --- a/sha1/src/lib.rs +++ b/sha1/src/lib.rs @@ -151,7 +151,7 @@ impl AlgorithmName for Sha1Core { } #[cfg(feature = "zeroize")] -impl zeroize::Zeroize for Sha1Core { +impl zeroize_crate::Zeroize for Sha1Core { fn zeroize(&mut self) { self.h.zeroize(); self.block_len.zeroize(); From 9634d7c9b90de1844c958d60532e947e50828221 Mon Sep 17 00:00:00 2001 
From: Luke Parker Date: Sun, 12 Nov 2023 10:02:37 -0500 Subject: [PATCH 5/9] Don't enable zeroize/std on std --- blake2/Cargo.toml | 2 +- sha1/Cargo.toml | 2 +- sha2/Cargo.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index e71ed98fe..97deec12b 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -21,7 +21,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std", "zeroize_crate?/std"] +std = ["digest/std"] reset = [] # Enable reset functionality simd = [] simd_opt = ["simd"] diff --git a/sha1/Cargo.toml b/sha1/Cargo.toml index 700b24297..501a4c659 100644 --- a/sha1/Cargo.toml +++ b/sha1/Cargo.toml @@ -26,7 +26,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std", "zeroize_crate?/std"] +std = ["digest/std"] oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57 asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crates # Use assembly backend for LoongArch64 targets diff --git a/sha2/Cargo.toml b/sha2/Cargo.toml index 97f572276..c3a232bfa 100644 --- a/sha2/Cargo.toml +++ b/sha2/Cargo.toml @@ -29,7 +29,7 @@ hex-literal = "0.2.2" [features] default = ["std"] -std = ["digest/std", "zeroize_crate?/std"] +std = ["digest/std"] oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57 asm = ["sha2-asm"] # WARNING: this feature SHOULD NOT be enabled by library crates # Use assembly backend for LoongArch64 targets From 37e7bc5c057414d9a2dd5c5aac9abd4784106022 Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Sun, 12 Nov 2023 10:46:06 -0500 Subject: [PATCH 6/9] ZeroizeOnDrop instead of Zeroize --- blake2/Cargo.toml | 2 +- blake2/src/macros.rs | 17 +++++++---------- sha1/Cargo.toml | 2 +- sha1/src/lib.rs | 13 +++++-------- sha2/Cargo.toml | 2 +- sha2/src/core_api.rs | 39 ++++++++++++--------------------------- sha3/src/state.rs | 9 +-------- 7 files changed, 28 insertions(+), 56 deletions(-) 
diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index 97deec12b..78c701218 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -27,4 +27,4 @@ simd = [] simd_opt = ["simd"] simd_asm = ["simd_opt"] size_opt = [] # Optimize for code size. Removes some `inline(always)` -zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors +zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors diff --git a/blake2/src/macros.rs b/blake2/src/macros.rs index 1ae916798..8bad9f529 100644 --- a/blake2/src/macros.rs +++ b/blake2/src/macros.rs @@ -9,7 +9,7 @@ macro_rules! blake2_impl { pub struct $name { h: [$vec; 2], t: u64, - #[cfg(any(feature = "reset", feature = "zeroize"))] + #[cfg(feature = "reset")] h0: [$vec; 2], } @@ -86,7 +86,7 @@ macro_rules! blake2_impl { Self::iv1() ^ $vec::new(p[4], p[5], p[6], p[7]), ]; $name { - #[cfg(any(feature = "reset", feature = "zeroize"))] + #[cfg(feature = "reset")] h0: h.clone(), h, t: 0, @@ -244,18 +244,15 @@ macro_rules! blake2_impl { } #[cfg(feature = "zeroize")] - impl zeroize_crate::Zeroize for $name { - fn zeroize(&mut self) { + impl Drop for $name { + fn drop(&mut self) { + use zeroize_crate::Zeroize; self.h.zeroize(); self.t.zeroize(); - - // Because the hasher is now in an invalid state, restore the starting state - // This makes Zeroize equivalent to reset *yet using a zero-write the compiler - // hopefully shouldn't be able to optimize out* - // The following lines may be optimized out if no further use occurs, which is fine - self.h = self.h0; } } + #[cfg(feature = "zeroize")] + impl zeroize_crate::ZeroizeOnDrop for $name {} impl fmt::Debug for $name { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { diff --git a/sha1/Cargo.toml b/sha1/Cargo.toml index 501a4c659..f15fe4161 100644 --- a/sha1/Cargo.toml +++ b/sha1/Cargo.toml 
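Review bot: The new `Drop` impl for `$name` zeroizes `h` and `t` but not `h0`, which the same hunk keeps in the struct under `cfg(feature = "reset")`; whatever the parameter block placed in `h0` (the constructor is outside this hunk, so its sensitivity cannot be judged here) survives drop when both features are enabled, and `#[cfg(feature = "reset")] self.h0.zeroize();` beside the other two calls closes that gap. This impl also only reaches the core's own fields: any pending input bytes buffered by the `CoreWrapper` in `digest` around this core are untouched, and the same holds for the `Sha1Core`, `Sha256VarCore` and `Sha512VarCore` `Drop` impls in the later hunks of this patch, so the feature documentation should say that it zeroizes the compression state, not the whole hasher. Finally, a type with a `Drop` impl can no longer have fields moved out of it by destructuring, so if any code elsewhere in `blake2_impl` does that it will now fail to compile only under `zeroize`; worth a CI build with the feature on.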
@@ -34,7 +34,7 @@ asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crat loongarch64_asm = [] compress = [] # Expose compress function force-soft = [] # Force software implementation -zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors +zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors [package.metadata.docs.rs] all-features = true diff --git a/sha1/src/lib.rs b/sha1/src/lib.rs index f2bd5f2d8..88e6400b5 100644 --- a/sha1/src/lib.rs +++ b/sha1/src/lib.rs @@ -151,18 +151,15 @@ impl AlgorithmName for Sha1Core { } #[cfg(feature = "zeroize")] -impl zeroize_crate::Zeroize for Sha1Core { - fn zeroize(&mut self) { +impl Drop for Sha1Core { + fn drop(&mut self) { + use zeroize_crate::Zeroize; self.h.zeroize(); self.block_len.zeroize(); - - // Because the hasher is now in an invalid state, restore the starting state - // This makes Zeroize equivalent to reset *yet using a zero-write the compiler hopefully - // shouldn't be able to optimize out* - // The following lines may be optimized out if no further use occurs, which is fine - self.h = Self::default().h; } } +#[cfg(feature = "zeroize")] +impl zeroize_crate::ZeroizeOnDrop for Sha1Core {} impl fmt::Debug for Sha1Core { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { diff --git a/sha2/Cargo.toml b/sha2/Cargo.toml index c3a232bfa..c66f723b2 100644 --- a/sha2/Cargo.toml +++ b/sha2/Cargo.toml @@ -38,7 +38,7 @@ loongarch64_asm = [] compress = [] # Expose compress functions force-soft = [] # Force software implementation asm-aarch64 = ["asm"] # DEPRECATED: use `asm` instead -zeroize = ["zeroize_crate"] # Implement Zeroize for Digest implementors +zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors [package.metadata.docs.rs] all-features = true diff --git a/sha2/src/core_api.rs b/sha2/src/core_api.rs index 6027f217b..7723613fa 100644 --- a/sha2/src/core_api.rs +++ b/sha2/src/core_api.rs 
@@ -16,8 +16,6 @@ use digest::{ /// i.e. 224 and 256 bits respectively. #[derive(Clone)] pub struct Sha256VarCore { - #[cfg(feature = "zeroize")] - output_size: usize, state: consts::State256, block_len: u64, } @@ -55,12 +53,7 @@ impl VariableOutputCore for Sha256VarCore { _ => return Err(InvalidOutputSize), }; let block_len = 0; - Ok(Self { - #[cfg(feature = "zeroize")] - output_size, - state, - block_len, - }) + Ok(Self { state, block_len }) } #[inline] @@ -83,18 +76,15 @@ impl AlgorithmName for Sha256VarCore { } #[cfg(feature = "zeroize")] -impl zeroize_crate::Zeroize for Sha256VarCore { - fn zeroize(&mut self) { +impl Drop for Sha256VarCore { + fn drop(&mut self) { + use zeroize_crate::Zeroize; self.state.zeroize(); self.block_len.zeroize(); - - // Because the hasher is now in an invalid state, restore the starting state - // This makes Zeroize equivalent to reset *yet using a zero-write the compiler hopefully - // shouldn't be able to optimize out* - // The following lines may be optimized out if no further use occurs, which is fine - self.state = Self::new(self.output_size).unwrap().state; } } +#[cfg(feature = "zeroize")] +impl zeroize_crate::ZeroizeOnDrop for Sha256VarCore {} impl fmt::Debug for Sha256VarCore { #[inline] @@ -109,8 +99,6 @@ impl fmt::Debug for Sha256VarCore { /// i.e. 224, 256, 384, and 512 bits respectively. #[derive(Clone)] pub struct Sha512VarCore { - #[cfg(feature = "zeroize")] - output_size: usize, state: consts::State512, block_len: u128, } @@ -150,12 +138,7 @@ impl VariableOutputCore for Sha512VarCore { _ => return Err(InvalidOutputSize), }; let block_len = 0; - Ok(Self { - #[cfg(feature = "zeroize")] - output_size, - state, - block_len, - }) + Ok(Self { state, block_len }) } #[inline] 
@@ -178,13 +161,15 @@ impl AlgorithmName for Sha512VarCore { } #[cfg(feature = "zeroize")] -impl zeroize_crate::Zeroize for Sha512VarCore { - fn zeroize(&mut self) { +impl Drop for Sha512VarCore { + fn drop(&mut self) { + use zeroize_crate::Zeroize; self.state.zeroize(); self.block_len.zeroize(); - self.state = Self::new(self.output_size).unwrap().state; } } +#[cfg(feature = "zeroize")] +impl zeroize_crate::ZeroizeOnDrop for Sha512VarCore {} impl fmt::Debug for Sha512VarCore { #[inline] diff --git a/sha3/src/state.rs b/sha3/src/state.rs index 2309ceaba..ce3785f75 100644 --- a/sha3/src/state.rs +++ b/sha3/src/state.rs @@ -20,17 +20,10 @@ impl Default for Sha3State { } } -#[cfg(feature = "zeroize")] -impl Zeroize for Sha3State { - fn zeroize(&mut self) { - self.state.zeroize(); - } -} - #[cfg(feature = "zeroize")] impl Drop for Sha3State { fn drop(&mut self) { - self.zeroize(); + self.state.zeroize(); } } From 23359e04af3a45665d509340687249469fb1dba2 Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Sun, 12 Nov 2023 11:13:06 -0500 Subject: [PATCH 7/9] Remove zeroize feature for solely the zeroize optional dependency --- blake2/Cargo.toml | 3 +-- blake2/src/macros.rs | 4 ++-- blake2/src/simd/simdty.rs | 2 +- sha1/Cargo.toml | 3 +-- sha1/src/lib.rs | 4 ++-- sha2/Cargo.toml | 3 +-- sha2/src/core_api.rs | 8 ++++---- sha3/Cargo.toml | 2 +- 8 files changed, 13 insertions(+), 16 deletions(-) diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index 78c701218..0141cad0b 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -13,7 +13,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = { version = "0.10.7", features = ["mac"] } -zeroize_crate = { package = "zeroize", version = "1", default-features = false, optional = true } +zeroize = { version = "1", default-features = false, optional = true } [dev-dependencies] digest = { version = "0.10.7", features = ["dev"] } 
@@ -27,4 +27,3 @@ simd = [] simd_opt = ["simd"] simd_asm = ["simd_opt"] size_opt = [] # Optimize for code size. Removes some `inline(always)` -zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors diff --git a/blake2/src/macros.rs b/blake2/src/macros.rs index 8bad9f529..44e0c3a9a 100644 --- a/blake2/src/macros.rs +++ b/blake2/src/macros.rs @@ -246,13 +246,13 @@ macro_rules! blake2_impl { #[cfg(feature = "zeroize")] impl Drop for $name { fn drop(&mut self) { - use zeroize_crate::Zeroize; + use zeroize::Zeroize; self.h.zeroize(); self.t.zeroize(); } } #[cfg(feature = "zeroize")] - impl zeroize_crate::ZeroizeOnDrop for $name {} + impl zeroize::ZeroizeOnDrop for $name {} impl fmt::Debug for $name { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { diff --git a/blake2/src/simd/simdty.rs b/blake2/src/simd/simdty.rs index cfa5f1434..a2b313c63 100644 --- a/blake2/src/simd/simdty.rs +++ b/blake2/src/simd/simdty.rs @@ -51,7 +51,7 @@ decl_simd! { } #[cfg(feature = "zeroize")] -impl zeroize_crate::Zeroize for Simd4 { +impl zeroize::Zeroize for Simd4 { fn zeroize(&mut self) { self.0.zeroize(); self.1.zeroize(); diff --git a/sha1/Cargo.toml b/sha1/Cargo.toml index f15fe4161..5cafe8bf7 100644 --- a/sha1/Cargo.toml +++ b/sha1/Cargo.toml @@ -14,7 +14,7 @@ categories = ["cryptography", "no-std"] [dependencies] digest = "0.10.7" cfg-if = "1.0" -zeroize_crate = { package = "zeroize", version = "1", default-features = false, optional = true } +zeroize = { version = "1", default-features = false, optional = true } [target.'cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))'.dependencies] cpufeatures = "0.2" 
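Review bot: Removing the explicit `zeroize = [...]` line leaves the feature defined only implicitly by the optional dependency, which also deletes the single place it was described (`# Implement ZeroizeOnDrop for Digest implementors`); that sentence should move to the crate-level docs so `docs.rs` readers (built with `all-features = true`) can still learn what enabling `zeroize` does. An implicit feature also cannot carry extra entries, so if the feature should later forward to a `digest` feature (for instance to zeroize the wrapper's input buffer, if the pinned `digest` offers that), the explicit line must come back. The same removal is repeated for `sha1` and `sha2` in the following hunks of this patch.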
@@ -34,7 +34,6 @@ asm = ["sha1-asm"] # WARNING: this feature SHOULD NOT be enabled by library crat
 loongarch64_asm = []
 compress = [] # Expose compress function
 force-soft = [] # Force software implementation
-zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors
 [package.metadata.docs.rs]
 all-features = true
diff --git a/sha1/src/lib.rs b/sha1/src/lib.rs
index 88e6400b5..9987311f9 100644
--- a/sha1/src/lib.rs
+++ b/sha1/src/lib.rs
@@ -153,13 +153,13 @@ impl AlgorithmName for Sha1Core {
 #[cfg(feature = "zeroize")]
 impl Drop for Sha1Core {
 fn drop(&mut self) {
- use zeroize_crate::Zeroize;
+ use zeroize::Zeroize;
 self.h.zeroize();
 self.block_len.zeroize();
 }
 }
 #[cfg(feature = "zeroize")]
-impl zeroize_crate::ZeroizeOnDrop for Sha1Core {}
+impl zeroize::ZeroizeOnDrop for Sha1Core {}
 impl fmt::Debug for Sha1Core {
 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
diff --git a/sha2/Cargo.toml b/sha2/Cargo.toml
index c66f723b2..4645cff23 100644
--- a/sha2/Cargo.toml
+++ b/sha2/Cargo.toml
@@ -17,7 +17,7 @@ categories = ["cryptography", "no-std"]
 [dependencies]
 digest = "0.10.7"
 cfg-if = "1.0"
-zeroize_crate = { package = "zeroize", version = "1", default-features = false, optional = true }
+zeroize = { version = "1", default-features = false, optional = true }
 [target.'cfg(any(target_arch = "aarch64", target_arch = "x86_64", target_arch = "x86"))'.dependencies]
 cpufeatures = "0.2"
@@ -38,7 +38,6 @@ loongarch64_asm = []
 compress = [] # Expose compress functions
 force-soft = [] # Force software implementation
 asm-aarch64 = ["asm"] # DEPRECATED: use `asm` instead
-zeroize = ["zeroize_crate"] # Implement ZeroizeOnDrop for Digest implementors
 [package.metadata.docs.rs]
 all-features = true
diff --git a/sha2/src/core_api.rs b/sha2/src/core_api.rs
index 7723613fa..d286e9fd5 100644
--- a/sha2/src/core_api.rs
+++ b/sha2/src/core_api.rs
@@ -78,13 +78,13 @@ impl AlgorithmName for Sha256VarCore {
 #[cfg(feature = "zeroize")]
 impl Drop for Sha256VarCore {
 fn drop(&mut self) {
- use zeroize_crate::Zeroize;
+ use zeroize::Zeroize;
 self.state.zeroize();
 self.block_len.zeroize();
 }
 }
 #[cfg(feature = "zeroize")]
-impl zeroize_crate::ZeroizeOnDrop for Sha256VarCore {}
+impl zeroize::ZeroizeOnDrop for Sha256VarCore {}
 impl fmt::Debug for Sha256VarCore {
 #[inline]
@@ -163,13 +163,13 @@ impl AlgorithmName for Sha512VarCore {
 #[cfg(feature = "zeroize")]
 impl Drop for Sha512VarCore {
 fn drop(&mut self) {
- use zeroize_crate::Zeroize;
+ use zeroize::Zeroize;
 self.state.zeroize();
 self.block_len.zeroize();
 }
 }
 #[cfg(feature = "zeroize")]
-impl zeroize_crate::ZeroizeOnDrop for Sha512VarCore {}
+impl zeroize::ZeroizeOnDrop for Sha512VarCore {}
 impl fmt::Debug for Sha512VarCore {
 #[inline]
diff --git a/sha3/Cargo.toml b/sha3/Cargo.toml
index a31179852..652630b5d 100644
--- a/sha3/Cargo.toml
+++ b/sha3/Cargo.toml
@@ -26,7 +26,7 @@ hex-literal = "0.2.2"
 [features]
 default = ["std"]
-std = ["digest/std", "zeroize?/std"]
+std = ["digest/std"]
 asm = ["keccak/asm"] # Enable ASM (currently ARMv8 only). WARNING: Bumps MSRV to 1.59
 oid = ["digest/oid"] # Enable OID support. WARNING: Bumps MSRV to 1.57
From fa0973aaee6c018d5eced67a15ee12c2bac22544 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?=
Date: Tue, 14 Nov 2023 00:21:29 +0300
Subject: [PATCH 8/9] Tweak blake2 CI config
---
 .github/workflows/blake2.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/blake2.yml b/.github/workflows/blake2.yml
index 06b2e91b1..8aea14485 100644
--- a/.github/workflows/blake2.yml
+++ b/.github/workflows/blake2.yml
@@ -66,6 +66,8 @@ jobs:
 uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
 with:
 working-directory: ${{ github.workflow }}
+ nightly_cmd: cargo build --benches && cargo hack test --release --feature-powerset
+ stable_cmd:
 simd:
 runs-on: ubuntu-latest
From 175174809ece2bf2396bd6765f08e812188079eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?=
Date: Tue, 14 Nov 2023 00:24:50 +0300
Subject: [PATCH 9/9] Fix blake2 CI
---
 .github/workflows/blake2.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/blake2.yml b/.github/workflows/blake2.yml
index 8aea14485..f0b108ca9 100644
--- a/.github/workflows/blake2.yml
+++ b/.github/workflows/blake2.yml
@@ -66,8 +66,8 @@ jobs:
 uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
 with:
 working-directory: ${{ github.workflow }}
- nightly_cmd: cargo build --benches && cargo hack test --release --feature-powerset
- stable_cmd:
+ nightly_cmd: cargo build --benches
+ stable_cmd: cargo hack test --release --feature-powerset --exclude-features simd,simd_opt,simd_asm
 simd:
 runs-on: ubuntu-latest
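Review bot: The new `stable_cmd` excludes `simd`, `simd_opt` and `simd_asm` from the feature powerset, so the one code path that compiles `impl zeroize::Zeroize for Simd4` in `blake2/src/simd/simdty.rs` (gated on both `simd` and `zeroize`) is never built by this job; unless the `simd` job that starts right after this hunk also turns on `zeroize`, that impl has no CI coverage and a lane missing from its `zeroize` body would go unnoticed. I cannot see from the hunk why the `simd*` features are excluded — presumably they need nightly — so the fix is either `--features simd,zeroize` on the simd job's test command or an extra `cargo test --release --features simd,zeroize` appended to whichever of `stable_cmd`/`nightly_cmd` can build `simd`. Separately, the reusable workflow is pulled from `minimal-versions.yml@master`, a mutable ref, so the commands added here run under whatever that branch holds at the time; pinning to a commit SHA is the usual supply-chain hardening, though that line is context rather than part of this change. The `simd` job's body is outside the hunk.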