core: add zeroize dep

yukibtc · yukibtc · commit f9739c77d298 · 2023-10-06T11:28:51.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/keechain-core/Cargo.toml b/keechain-core/Cargo.toml
@@ -16,12 +16,13 @@ default = ["sysinfo"]
 [dependencies]
 aes = "0.8"
 bdk = { git = "https://github.com/bitcoindevkit/bdk", rev = "417963f16882945423b8a8b6b33a507f8d4888a3", default-features = false, features = ["std"] }
-bip39 = "2.0"
+bip39 = { version = "2.0", default-features = false, features = ["std", "zeroize"] }
 cbc = { version = "0.1", features = ["alloc"] }
 chacha20poly1305 = "0.10"
 rand_chacha = "0.3"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
+zeroize = { version = "1.5", features = ["derive"] } # bip39 uses version 1.5
 
 [target.'cfg(not(target_vendor = "apple"))'.dependencies]
 sysinfo = { version = "0.28", optional = true }
diff --git a/keechain-core/src/types/keychain.rs b/keechain-core/src/types/keychain.rs
@@ -8,6 +8,7 @@ use bdk::bitcoin::secp256k1::{Secp256k1, Signing};
 use bdk::bitcoin::Network;
 use serde::de::Deserializer;
 use serde::{Deserialize, Serialize};
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::bips::bip32::{self, Bip32, ExtendedPubKey, Fingerprint};
 use crate::bips::bip39::Mnemonic;
@@ -157,17 +158,16 @@ impl EncryptedKeychain {
     }
 }
 
-#[derive(Deserialize)]
+#[derive(Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 struct KeychainIntermediate {
     mnemonic: Mnemonic,
     passphrases: Vec<String>,
 }
 
-#[derive(Clone, Serialize)]
+#[derive(Clone, Zeroize, ZeroizeOnDrop)]
 pub struct Keychain {
     mnemonic: Mnemonic,
     passphrases: Vec<String>,
-    #[serde(skip_serializing)]
     pub seed: Seed,
 }
 
@@ -184,10 +184,16 @@ impl Deref for Keychain {
     }
 }
 
-impl Drop for Keychain {
-    fn drop(&mut self) {
-        self.mnemonic = Mnemonic::from_entropy(b"00000000000000000000000000000000").unwrap();
-        self.passphrases = Vec::new();
+impl Serialize for Keychain {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        let intermediate = KeychainIntermediate {
+            mnemonic: self.mnemonic.clone(),
+            passphrases: self.passphrases.clone(),
+        };
+        intermediate.serialize(serializer)
     }
 }
 
@@ -197,7 +203,10 @@ impl<'de> Deserialize<'de> for Keychain {
         D: Deserializer<'de>,
     {
         let intermediate = KeychainIntermediate::deserialize(deserializer)?;
-        Ok(Self::new(intermediate.mnemonic, intermediate.passphrases))
+        Ok(Self::new(
+            intermediate.mnemonic.clone(),
+            intermediate.passphrases.clone(),
+        ))
     }
 }
 
diff --git a/keechain-core/src/types/seed.rs b/keechain-core/src/types/seed.rs
@@ -6,13 +6,14 @@ use core::fmt;
 use bdk::bitcoin::Network;
 use bip39::Mnemonic;
 use serde::{Deserialize, Serialize};
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::bips::bip32::{self, Bip32, ExtendedPrivKey};
 use crate::bips::bip85::Bip85;
 use crate::descriptors::ToDescriptor;
 use crate::util::hex;
 
-#[derive(Clone, Eq, PartialEq, Serialize, Deserialize)]
+#[derive(Clone, PartialEq, Eq, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 pub struct Seed {
     mnemonic: Mnemonic,
     passphrase: Option<String>,
@@ -24,13 +25,6 @@ impl fmt::Debug for Seed {
     }
 }
 
-impl Drop for Seed {
-    fn drop(&mut self) {
-        self.mnemonic = Mnemonic::from_entropy(b"00000000000000000000000000000000").unwrap();
-        self.passphrase = None;
-    }
-}
-
 impl Seed {
     pub fn new<S>(mnemonic: Mnemonic, passphrase: Option<S>) -> Self
     where

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ use bdk::bitcoin::secp256k1::{Secp256k1, Signing};`
`8`	`8`	`use bdk::bitcoin::Network;`
`9`	`9`	`use serde::de::Deserializer;`
`10`	`10`	`use serde::{Deserialize, Serialize};`
	`11`	`+use zeroize::{Zeroize, ZeroizeOnDrop};`
`11`	`12`
`12`	`13`	`use crate::bips::bip32::{self, Bip32, ExtendedPubKey, Fingerprint};`
`13`	`14`	`use crate::bips::bip39::Mnemonic;`
`@@ -157,17 +158,16 @@ impl EncryptedKeychain {`
`157`	`158`	`}`
`158`	`159`	`}`
`159`	`160`
`160`		`-#[derive(Deserialize)]`
	`161`	`+#[derive(Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]`
`161`	`162`	`struct KeychainIntermediate {`
`162`	`163`	`mnemonic: Mnemonic,`
`163`	`164`	`passphrases: Vec<String>,`
`164`	`165`	`}`
`165`	`166`
`166`		`-#[derive(Clone, Serialize)]`
	`167`	`+#[derive(Clone, Zeroize, ZeroizeOnDrop)]`
`167`	`168`	`pub struct Keychain {`
`168`	`169`	`mnemonic: Mnemonic,`
`169`	`170`	`passphrases: Vec<String>,`
`170`		`- #[serde(skip_serializing)]`
`171`	`171`	`pub seed: Seed,`
`172`	`172`	`}`
`173`	`173`
`@@ -184,10 +184,16 @@ impl Deref for Keychain {`
`184`	`184`	`}`
`185`	`185`	`}`
`186`	`186`
`187`		`-impl Drop for Keychain {`
`188`		`- fn drop(&mut self) {`
`189`		`- self.mnemonic = Mnemonic::from_entropy(b"00000000000000000000000000000000").unwrap();`
`190`		`- self.passphrases = Vec::new();`
	`187`	`+impl Serialize for Keychain {`
	`188`	`+ fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>`
	`189`	`+ where`
	`190`	`+ S: serde::Serializer,`
	`191`	`+ {`
	`192`	`+ let intermediate = KeychainIntermediate {`
	`193`	`+ mnemonic: self.mnemonic.clone(),`
	`194`	`+ passphrases: self.passphrases.clone(),`
	`195`	`+ };`
	`196`	`+ intermediate.serialize(serializer)`
`191`	`197`	`}`
`192`	`198`	`}`
`193`	`199`
`@@ -197,7 +203,10 @@ impl<'de> Deserialize<'de> for Keychain {`
`197`	`203`	`D: Deserializer<'de>,`
`198`	`204`	`{`
`199`	`205`	`let intermediate = KeychainIntermediate::deserialize(deserializer)?;`
`200`		`- Ok(Self::new(intermediate.mnemonic, intermediate.passphrases))`
	`206`	`+ Ok(Self::new(`
	`207`	`+ intermediate.mnemonic.clone(),`
	`208`	`+ intermediate.passphrases.clone(),`
	`209`	`+ ))`
`201`	`210`	`}`
`202`	`211`	`}`
`203`	`212`