Add zeroize support (#545)

.github/workflows/tiger.yml

@@ -24,7 +24,7 @@ jobs:
   set-msrv:
     uses: RustCrypto/actions/.github/workflows/set-msrv.yml@master
     with:
-        msrv: 1.71.0
+        msrv: 1.74.0
 
   build:
     needs: set-msrv

Cargo.toml

@@ -26,3 +26,6 @@ members = [
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io]
+digest = { git = 'https://github.com/RustCrypto/traits' }

README.md

@@ -32,7 +32,7 @@ Additionally all crates do not require the standard library (i.e. `no_std` capab
 | [Skein] | [`skein`] | [![crates.io](https://img.shields.io/crates/v/skein.svg)](https://crates.io/crates/skein) | [![Documentation](https://docs.rs/skein/badge.svg)](https://docs.rs/skein) | ![MSRV 1.71][msrv-1.71] | :green_heart: |
 | [SM3] (OSCCA GM/T 0004-2012) | [`sm3`] | [![crates.io](https://img.shields.io/crates/v/sm3.svg)](https://crates.io/crates/sm3) | [![Documentation](https://docs.rs/sm3/badge.svg)](https://docs.rs/sm3) | ![MSRV 1.71][msrv-1.71] | :green_heart: |
 | [Streebog] (GOST R 34.11-2012) | [`streebog`] | [![crates.io](https://img.shields.io/crates/v/streebog.svg)](https://crates.io/crates/streebog) | [![Documentation](https://docs.rs/streebog/badge.svg)](https://docs.rs/streebog) | ![MSRV 1.71][msrv-1.71] | :yellow_heart: |
-| [Tiger] | [`tiger`] | [![crates.io](https://img.shields.io/crates/v/tiger.svg)](https://crates.io/crates/tiger) | [![Documentation](https://docs.rs/tiger/badge.svg)](https://docs.rs/tiger) | ![MSRV 1.71][msrv-1.71] | :green_heart: |
+| [Tiger] | [`tiger`] | [![crates.io](https://img.shields.io/crates/v/tiger.svg)](https://crates.io/crates/tiger) | [![Documentation](https://docs.rs/tiger/badge.svg)](https://docs.rs/tiger) | ![MSRV 1.74][msrv-1.74] | :green_heart: |
 | [Whirlpool] | [`whirlpool`] | [![crates.io](https://img.shields.io/crates/v/whirlpool.svg)](https://crates.io/crates/whirlpool) | [![Documentation](https://docs.rs/whirlpool/badge.svg)](https://docs.rs/whirlpool) | ![MSRV 1.71][msrv-1.71] | :green_heart: |
 
 NOTE: the [`blake3`] crate implements the `digest` traits used by the rest of the hashes in this repository, but is maintained by the BLAKE3 team.
@@ -235,6 +235,7 @@ Unless you explicitly state otherwise, any contribution intentionally submitted
 [deps-link]: https://deps.rs/repo/github/RustCrypto/hashes
 [msrv-1.71]: https://img.shields.io/badge/rustc-1.71.0+-blue.svg
 [msrv-1.72]: https://img.shields.io/badge/rustc-1.72.0+-blue.svg
+[msrv-1.74]: https://img.shields.io/badge/rustc-1.74.0+-blue.svg
 
 [//]: # (crates)
 

ascon-hash/src/lib.rs

@@ -1,10 +1,10 @@
 #![no_std]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![doc = include_str!("../README.md")]
 #![doc(
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
 )]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![warn(missing_docs)]
 
 use core::marker::PhantomData;

belt-hash/Cargo.toml

@@ -24,3 +24,8 @@ hex-literal = "0.4"
 default = ["oid", "std"]
 std = ["digest/std"]
 oid = ["digest/oid"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

belt-hash/src/lib.rs

@@ -1,10 +1,10 @@
 #![no_std]
 #![doc = include_str!("../README.md")]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![doc(
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
 )]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![warn(missing_docs, rust_2018_idioms)]
 #![forbid(unsafe_code)]
 
@@ -24,6 +24,9 @@ use digest::{
     HashMarker, Output,
 };
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{Zeroize, ZeroizeOnDrop};
+
 const U32_MASK: u128 = (1 << 32) - 1;
 const H0: [u32; 8] = [
     0xC8BA94B1, 0x3BF5080A, 0x8E006D36, 0xE45D4A58, 0x9DFA0485, 0xACC7B61B, 0xC2722E25, 0x0DCEFD02,
@@ -37,6 +40,9 @@ pub struct BeltHashCore {
     h: [u32; 8],
 }
 
+/// BelT hasher state.
+pub type BeltHash = CoreWrapper<BeltHashCore>;
+
 impl BeltHashCore {
     fn compress_block(&mut self, block: &Block<Self>) {
         let x1 = [
@@ -134,8 +140,19 @@ impl AssociatedOid for BeltHashCore {
     const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.112.0.2.0.34.101.31.81");
 }
 
-/// BelT hasher state.
-pub type BeltHash = CoreWrapper<BeltHashCore>;
+impl Drop for BeltHashCore {
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        {
+            self.r.zeroize();
+            self.s.zeroize();
+            self.h.zeroize();
+        }
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl ZeroizeOnDrop for BeltHashCore {}
 
 /// Compression function described in the section 6.3.2
 #[inline(always)]

blake2/Cargo.toml

@@ -22,8 +22,13 @@ hex-literal = "0.4"
 [features]
 default = ["std"]
 std = ["digest/std"]
+zeroize = ["digest/zeroize"]
 reset = [] # Enable reset functionality
 #simd = []
 #simd_opt = ["simd"]
 #simd_asm = ["simd_opt"]
 size_opt = [] # Optimize for code size. Removes some `inline(always)`
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

blake2/src/lib.rs

@@ -4,6 +4,7 @@
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
 )]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![warn(missing_docs, rust_2018_idioms)]
 #![cfg_attr(feature = "simd", feature(platform_intrinsics, repr_simd))]
 #![cfg_attr(feature = "simd", allow(incomplete_features))]
@@ -30,6 +31,9 @@ use digest::{
 #[cfg(feature = "reset")]
 use digest::{FixedOutputReset, Reset};
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{Zeroize, ZeroizeOnDrop};
+
 mod as_bytes;
 mod consts;
 

blake2/src/macros.rs

@@ -246,6 +246,18 @@ macro_rules! blake2_impl {
                 f.write_str(concat!(stringify!($name), " { ... }"))
             }
         }
+
+        impl Drop for $name {
+            fn drop(&mut self) {
+                #[cfg(feature = "zeroize")]
+                {
+                    self.h.zeroize();
+                    self.t.zeroize();
+                }
+            }
+        }
+        #[cfg(feature = "zeroize")]
+        impl ZeroizeOnDrop for $name {}
     };
 }
 
@@ -429,5 +441,28 @@ macro_rules! blake2_mac_impl {
                 write!(f, "{}{} {{ ... }}", stringify!($name), OutSize::USIZE)
             }
         }
+
+        impl<OutSize> Drop for $name<OutSize>
+        where
+            OutSize: ArraySize + IsLessOrEqual<$max_size>,
+            LeEq<OutSize, $max_size>: NonZero,
+        {
+            fn drop(&mut self) {
+                #[cfg(feature = "zeroize")]
+                {
+                    // `self.core` zeroized by its `Drop` impl
+                    self.buffer.zeroize();
+                    #[cfg(feature = "reset")]
+                    self.key_block.zeroize();
+                }
+            }
+        }
+        #[cfg(feature = "zeroize")]
+        impl<OutSize> ZeroizeOnDrop for $name<OutSize>
+        where
+            OutSize: ArraySize + IsLessOrEqual<$max_size>,
+            LeEq<OutSize, $max_size>: NonZero,
+        {
+        }
     };
 }

blake2/src/simd/simdty.rs

@@ -9,6 +9,9 @@
 
 use crate::as_bytes::Safe;
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::Zeroize;
+
 #[cfg(feature = "simd")]
 macro_rules! decl_simd {
     ($($decl:item)*) => {
@@ -50,6 +53,16 @@ decl_simd! {
                          pub T, pub T, pub T, pub T);
 }
 
+#[cfg(feature = "zeroize")]
+impl<T: Zeroize> Zeroize for Simd4<T> {
+    fn zeroize(&mut self) {
+        self.0.zeroize();
+        self.1.zeroize();
+        self.2.zeroize();
+        self.3.zeroize();
+    }
+}
+
 pub type u64x2 = Simd2<u64>;
 
 pub type u32x4 = Simd4<u32>;

fsb/Cargo.toml

@@ -23,3 +23,8 @@ hex-literal = "0.4"
 [features]
 default = ["std"]
 std = ["digest/std"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

fsb/src/lib.rs

@@ -4,6 +4,7 @@
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
 )]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![forbid(unsafe_code)]
 #![warn(missing_docs, rust_2018_idioms)]
 #![allow(non_snake_case)]
@@ -27,6 +28,9 @@ use digest::{
     HashMarker, Output,
 };
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{Zeroize, ZeroizeOnDrop};
+
 // FSB-160
 fsb_impl!(
     Fsb160,

fsb/src/macros.rs

@@ -12,6 +12,9 @@ macro_rules! fsb_impl {
             state: [u8; $r / 8],
         }
 
+        #[doc=$full_doc]
+        pub type $full_state = CoreWrapper<$state>;
+
         impl HashMarker for $state {}
 
         impl BlockSizeUser for $state {
@@ -79,8 +82,18 @@ macro_rules! fsb_impl {
             }
         }
 
-        #[doc=$full_doc]
-        pub type $full_state = CoreWrapper<$state>;
+        impl Drop for $state {
+            fn drop(&mut self) {
+                #[cfg(feature = "zeroize")]
+                {
+                    self.state.zeroize();
+                    self.blocks_len.zeroize();
+                }
+            }
+        }
+
+        #[cfg(feature = "zeroize")]
+        impl ZeroizeOnDrop for $state {}
 
         impl $state {
             const SIZE_OUTPUT_COMPRESS: usize = $r / 8;

gost94/Cargo.toml

@@ -23,3 +23,8 @@ hex-literal = "0.4"
 default = ["oid", "std"]
 std = ["digest/std"]
 oid = ["digest/oid"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

gost94/src/gost94_core.rs

@@ -10,6 +10,9 @@ use digest::{
     HashMarker, Output,
 };
 
+#[cfg(feature = "zeroize")]
+use digest::zeroize::{Zeroize, ZeroizeOnDrop};
+
 use crate::params::{Block, Gost94Params, SBox};
 
 const C: Block = [
@@ -273,3 +276,17 @@ impl<P: Gost94Params> fmt::Debug for Gost94Core<P> {
         f.write_str("Core { .. }")
     }
 }
+
+impl<P: Gost94Params> Drop for Gost94Core<P> {
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        {
+            self.h.zeroize();
+            self.n.zeroize();
+            self.sigma.zeroize();
+        }
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl<P: Gost94Params> ZeroizeOnDrop for Gost94Core<P> {}

gost94/src/lib.rs

@@ -4,6 +4,7 @@
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
 )]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![warn(missing_docs, rust_2018_idioms)]
 #![forbid(unsafe_code)]
 

groestl/Cargo.toml

@@ -22,3 +22,8 @@ hex-literal = "0.4"
 [features]
 default = ["std"]
 std = ["digest/std"]
+zeroize = ["digest/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]