Adding zeroize on drop for VRFExpandedPrivateKey (facebook#403)

haochenuw · Sep 21, 2023 · a53939d · a53939d
1 parent ce9f951
commit a53939d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/akd_core/Cargo.toml b/akd_core/Cargo.toml
@@ -43,6 +43,7 @@ ed25519-dalek = { version = "2", features = [
     "legacy_compatibility",
 ], optional = true }
 hex = "0.4"
+zeroize = "1"
 
 ## Optional dependencies ##
 blake3 = { version = "1", optional = true, default-features = false }

diff --git a/akd_core/src/ecvrf/ecvrf_impl.rs b/akd_core/src/ecvrf/ecvrf_impl.rs
@@ -19,6 +19,7 @@ use curve25519_dalek::{
     edwards::{CompressedEdwardsY, EdwardsPoint},
     scalar::Scalar as ed25519_Scalar,
 };
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 /// The length of a node-label's value field in bytes.
 /// This is used for truncation of the hash to this many bytes
@@ -90,6 +91,15 @@ pub struct VRFExpandedPrivateKey {
     pub(super) nonce: [u8; 32],
 }
 
+impl Drop for VRFExpandedPrivateKey {
+    fn drop(&mut self) {
+        self.key.zeroize();
+        self.nonce.zeroize();
+    }
+}
+
+impl ZeroizeOnDrop for VRFExpandedPrivateKey {}
+
 impl VRFPrivateKey {
     /// Produces a proof for an input (using the private key)
     pub fn prove(&self, alpha: &[u8]) -> Proof {