From 1a33c35ca19b961bad38cfc6d1b5c86302e31417 Mon Sep 17 00:00:00 2001 From: Claudia Richoux Date: Sat, 28 Jan 2023 12:02:20 -0500 Subject: [PATCH 1/5] adding zeroize to everything (this was rly easy...) --- blake2/Cargo.toml | 1 + blake2/src/blake2b.rs | 5 +++-- blake2/src/blake2b/backend.rs | 13 +++++++++++++ blake2/src/blake2b/params.rs | 3 ++- blake2/src/blake2b/state.rs | 4 +++- blake2/src/blake2bp.rs | 5 +++-- blake2/src/blake2s.rs | 5 +++-- blake2/src/blake2s/backend.rs | 14 ++++++++++++++ blake2/src/blake2s/params.rs | 3 ++- blake2/src/blake2s/state.rs | 3 ++- blake2/src/blake2sp.rs | 5 +++-- 11 files changed, 49 insertions(+), 12 deletions(-) diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index b77a9c4c0..c1ede06e6 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -18,6 +18,7 @@ crypto-mac = "0.8" digest = "0.9" opaque-debug = "0.3" subtle = { version = ">=2, <2.5", default-features = false } +zeroize = { version = "1.1", features = ["zeroize_derive"] } [dev-dependencies] crypto-mac = { version = "0.8", features = ["dev"] } diff --git a/blake2/src/blake2b.rs b/blake2/src/blake2b.rs index bc1c55a61..8380561ac 100644 --- a/blake2/src/blake2b.rs +++ b/blake2/src/blake2b.rs @@ -44,6 +44,7 @@ use digest::{ generic_array::GenericArray, BlockInput, FixedOutputDirty, InvalidOutputSize, Reset, Update, VariableOutputDirty, }; +use zeroize::ZeroizeOnDrop; pub(crate) type Word = u64; pub(crate) type Count = u128; @@ -108,7 +109,7 @@ pub fn blake2b(input: &[u8]) -> Hash { } /// Blake2b instance with a fixed output. -#[derive(Clone, Default)] +#[derive(Clone, Default, ZeroizeOnDrop)] pub struct Blake2b { params: Params, state: State, @@ -192,7 +193,7 @@ opaque_debug::implement!(Blake2b); digest::impl_write!(Blake2b); /// Blake2b instance with a variable output. -#[derive(Clone, Default)] +#[derive(Clone, Default, ZeroizeOnDrop)] pub struct VarBlake2b { params: Params, state: State, diff --git a/blake2/src/blake2b/backend.rs b/blake2/src/blake2b/backend.rs index 5942eb252..02353dacd 100644 --- a/blake2/src/blake2b/backend.rs +++ b/blake2/src/blake2b/backend.rs @@ -9,6 +9,7 @@ mod sse41; use super::*; use arrayref::array_ref; use core::cmp; +use zeroize::Zeroize; #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] pub const MAX_DEGREE: usize = 4; @@ -138,6 +139,12 @@ impl Implementation { } } +impl Zeroize for Implementation { + fn zeroize(&mut self) { + // Nothing to do. + } +} + pub struct Job<'a, 'b> { pub input: &'a [u8], pub words: &'b mut [Word; 8], @@ -181,6 +188,12 @@ pub enum LastNode { No, } +impl Zeroize for LastNode { + fn zeroize(&mut self) { + // Nothing to do. + } +} + impl LastNode { pub fn yes(&self) -> bool { match self { diff --git a/blake2/src/blake2b/params.rs b/blake2/src/blake2b/params.rs index 5c1126188..16ff89e79 100644 --- a/blake2/src/blake2b/params.rs +++ b/blake2/src/blake2b/params.rs @@ -3,6 +3,7 @@ use super::{ }; use arrayref::array_refs; use core::fmt; +use zeroize::ZeroizeOnDrop; /// A parameter builder that exposes all the non-default BLAKE2 features. /// @@ -28,7 +29,7 @@ use core::fmt; /// // Or use those params to build an incremental State. /// let mut state = params.to_state(); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct Params { pub(super) hash_length: u8, pub(super) key_length: u8, diff --git a/blake2/src/blake2b/state.rs b/blake2/src/blake2b/state.rs index 138b8230f..7e77aeee9 100644 --- a/blake2/src/blake2b/state.rs +++ b/blake2/src/blake2b/state.rs @@ -2,6 +2,8 @@ use super::{backend, Count, Hash, Params, Word, BLOCKBYTES, OUTBYTES}; use arrayref::mut_array_refs; use core::{cmp, fmt, mem::size_of}; +use zeroize::ZeroizeOnDrop; + /// An incremental hasher for BLAKE2b. /// /// To construct a `State` with non-default parameters, see `Params::to_state`. @@ -19,7 +21,7 @@ use core::{cmp, fmt, mem::size_of}; /// state.update(b"bar"); /// assert_eq!(blake2b(b"foobar"), state.finalize()); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct State { pub(super) words: [Word; 8], pub(super) count: Count, diff --git a/blake2/src/blake2bp.rs b/blake2/src/blake2bp.rs index ad8b7c246..64b409213 100644 --- a/blake2/src/blake2bp.rs +++ b/blake2/src/blake2bp.rs @@ -26,6 +26,7 @@ use crate::blake2b::{ many, state, Count, Hash, Word, BLOCKBYTES, KEYBYTES, OUTBYTES, }; use core::{cmp, fmt, mem::size_of}; +use zeroize::ZeroizeOnDrop; pub(crate) const DEGREE: usize = 4; @@ -58,7 +59,7 @@ pub fn blake2bp(input: &[u8]) -> Hash { /// use blake2::blake2bp; /// let mut state = blake2bp::Params::new().hash_length(32).to_state(); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct Params { hash_length: u8, key_length: u8, @@ -206,7 +207,7 @@ impl fmt::Debug for Params { /// dfa3205f7f7f71e4f0673d25fa82a368488911f446bccd323af3ab03f53e56e5"; /// assert_eq!(expected, &hash.to_hex()); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct State { leaf_words: [[Word; 8]; DEGREE], root_words: [Word; 8], diff --git a/blake2/src/blake2s.rs b/blake2/src/blake2s.rs index 664cff353..751e019b9 100644 --- a/blake2/src/blake2s.rs +++ b/blake2/src/blake2s.rs @@ -43,6 +43,7 @@ use digest::{ generic_array::GenericArray, BlockInput, FixedOutputDirty, InvalidOutputSize, Reset, Update, VariableOutputDirty, }; +use zeroize::ZeroizeOnDrop; pub(crate) type Word = u32; pub(crate) type Count = u64; @@ -97,7 +98,7 @@ pub fn blake2s(input: &[u8]) -> Hash { } /// Blake2s instance with a fixed output. -#[derive(Clone, Default)] +#[derive(Clone, Default, ZeroizeOnDrop)] pub struct Blake2s { params: Params, state: State, @@ -181,7 +182,7 @@ opaque_debug::implement!(Blake2s); digest::impl_write!(Blake2s); /// Blake2s instance with a variable output. -#[derive(Clone, Default)] +#[derive(Clone, Default, ZeroizeOnDrop)] pub struct VarBlake2s { params: Params, state: State, diff --git a/blake2/src/blake2s/backend.rs b/blake2/src/blake2s/backend.rs index c9473566d..d3906f44d 100644 --- a/blake2/src/blake2s/backend.rs +++ b/blake2/src/blake2s/backend.rs @@ -9,6 +9,8 @@ mod sse41; use super::*; use arrayref::array_ref; use core::cmp; +use digest::generic_array::typenum::Zero; +use zeroize::Zeroize; #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] pub const MAX_DEGREE: usize = 8; @@ -136,6 +138,12 @@ impl Implementation { } } +impl Zeroize for Implementation { + fn zeroize(&mut self) { + // Nothing to do. + } +} + pub struct Job<'a, 'b> { pub input: &'a [u8], pub words: &'b mut [Word; 8], @@ -179,6 +187,12 @@ pub enum LastNode { No, } +impl Zeroize for LastNode { + fn zeroize(&mut self) { + // Nothing to do. + } +} + impl LastNode { pub fn yes(&self) -> bool { match self { diff --git a/blake2/src/blake2s/params.rs b/blake2/src/blake2s/params.rs index 3e6cbc705..37009148a 100644 --- a/blake2/src/blake2s/params.rs +++ b/blake2/src/blake2s/params.rs @@ -3,6 +3,7 @@ use super::{ }; use arrayref::array_refs; use core::fmt; +use zeroize::ZeroizeOnDrop; /// A parameter builder that exposes all the non-default BLAKE2 features. /// @@ -28,7 +29,7 @@ use core::fmt; /// // Or use those params to build an incremental State. /// let mut state = params.to_state(); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct Params { pub(super) hash_length: u8, pub(super) key_length: u8, diff --git a/blake2/src/blake2s/state.rs b/blake2/src/blake2s/state.rs index 698c4a0d1..4d456a652 100644 --- a/blake2/src/blake2s/state.rs +++ b/blake2/src/blake2s/state.rs @@ -1,6 +1,7 @@ use super::{backend, Count, Hash, Params, Word, BLOCKBYTES, OUTBYTES}; use arrayref::mut_array_refs; use core::{cmp, fmt, mem::size_of}; +use zeroize::ZeroizeOnDrop; /// An incremental hasher for BLAKE2s. /// @@ -19,7 +20,7 @@ use core::{cmp, fmt, mem::size_of}; /// state.update(b"bar"); /// assert_eq!(blake2s(b"foobar"), state.finalize()); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct State { pub(super) words: [Word; 8], pub(super) count: Count, diff --git a/blake2/src/blake2sp.rs b/blake2/src/blake2sp.rs index 023d97585..93504251f 100644 --- a/blake2/src/blake2sp.rs +++ b/blake2/src/blake2sp.rs @@ -26,6 +26,7 @@ use crate::blake2s::{ many, state, Count, Hash, Word, BLOCKBYTES, KEYBYTES, OUTBYTES, }; use core::{cmp, fmt, mem::size_of}; +use zeroize::ZeroizeOnDrop; pub(crate) const DEGREE: usize = 8; @@ -57,7 +58,7 @@ pub fn blake2sp(input: &[u8]) -> Hash { /// use blake2::blake2sp; /// let mut state = blake2sp::Params::new().hash_length(32).to_state(); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct Params { hash_length: u8, key_length: u8, @@ -213,7 +214,7 @@ impl fmt::Debug for Params { /// let expected = "268120e51df583c61d6bfb7915f1c8ead299696c42f413092cd0b2247e1a388d"; /// assert_eq!(expected, &hash.to_hex()); /// ``` -#[derive(Clone)] +#[derive(Clone, ZeroizeOnDrop)] pub struct State { leaf_words: [[Word; 8]; DEGREE], root_words: [Word; 8], From d3eb78a01b7db638abf3d0089304340499cb6f53 Mon Sep 17 00:00:00 2001 From: Claudia Richoux Date: Sat, 28 Jan 2023 12:06:14 -0500 Subject: [PATCH 2/5] making clippy happy --- blake2/src/blake2s/backend.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/blake2/src/blake2s/backend.rs b/blake2/src/blake2s/backend.rs index d3906f44d..73b2c1dba 100644 --- a/blake2/src/blake2s/backend.rs +++ b/blake2/src/blake2s/backend.rs @@ -9,7 +9,6 @@ mod sse41; use super::*; use arrayref::array_ref; use core::cmp; -use digest::generic_array::typenum::Zero; use zeroize::Zeroize; #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] From 17b1635cd5827cea5cb544294715f8beb26ffbb0 Mon Sep 17 00:00:00 2001 From: Claudia Richoux Date: Sat, 28 Jan 2023 18:33:29 -0500 Subject: [PATCH 3/5] i'm blaming this one on copilot --- blake2/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index c1ede06e6..16939396b 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -18,7 +18,7 @@ crypto-mac = "0.8" digest = "0.9" opaque-debug = "0.3" subtle = { version = ">=2, <2.5", default-features = false } -zeroize = { version = "1.1", features = ["zeroize_derive"] } +zeroize = { version = "1.5.7", features = ["zeroize_derive"] } [dev-dependencies] crypto-mac = { version = "0.8", features = ["dev"] } From b4d0285c705eccad70ddbe859cdec0be8844e1c6 Mon Sep 17 00:00:00 2001 From: Claudia Richoux Date: Sat, 28 Jan 2023 18:41:42 -0500 Subject: [PATCH 4/5] removing sizeofs --- blake2/src/blake2b.rs | 10 +++++----- blake2/src/blake2b/backend.rs | 2 +- blake2/src/blake2s.rs | 10 +++++----- blake2/src/blake2s/backend.rs | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/blake2/src/blake2b.rs b/blake2/src/blake2b.rs index 8380561ac..e4ccb1065 100644 --- a/blake2/src/blake2b.rs +++ b/blake2/src/blake2b.rs @@ -51,20 +51,20 @@ pub(crate) type Count = u128; type Output = GenericArray; /// The max hash length. -pub const OUTBYTES: usize = 8 * size_of::(); +pub const OUTBYTES: usize = 8 * (Word::BITS as usize / 8); /// The max key length. -pub const KEYBYTES: usize = 8 * size_of::(); +pub const KEYBYTES: usize = 8 * (Word::BITS as usize / 8); /// The max salt length. -pub const SALTBYTES: usize = 2 * size_of::(); +pub const SALTBYTES: usize = 2 * (Word::BITS as usize / 8); /// The max personalization length. -pub const PERSONALBYTES: usize = 2 * size_of::(); +pub const PERSONALBYTES: usize = 2 * (Word::BITS as usize / 8); /// The number input bytes passed to each call to the compression function. Small benchmarks need /// to use an even multiple of `BLOCKBYTES`, or else their apparent throughput will be low. -pub const BLOCKBYTES: usize = 16 * size_of::(); +pub const BLOCKBYTES: usize = 16 * (Word::BITS as usize / 8); const IV: [Word; 8] = [ 0x6A09E667F3BCC908, diff --git a/blake2/src/blake2b/backend.rs b/blake2/src/blake2b/backend.rs index 02353dacd..613d15ad3 100644 --- a/blake2/src/blake2b/backend.rs +++ b/blake2/src/blake2b/backend.rs @@ -225,7 +225,7 @@ pub(crate) fn count_low(count: Count) -> Word { } pub(crate) fn count_high(count: Count) -> Word { - (count >> (8 * size_of::())) as Word + (count >> (8 * (Word::BITS as usize / 8))) as Word } #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] diff --git a/blake2/src/blake2s.rs b/blake2/src/blake2s.rs index 751e019b9..bf9732ab9 100644 --- a/blake2/src/blake2s.rs +++ b/blake2/src/blake2s.rs @@ -50,20 +50,20 @@ pub(crate) type Count = u64; type Output = GenericArray; /// The max hash length. -pub const OUTBYTES: usize = 8 * size_of::(); +pub const OUTBYTES: usize = 8 * (Word::BITS as usize / 8); /// The max key length. -pub const KEYBYTES: usize = 8 * size_of::(); +pub const KEYBYTES: usize = 8 * (Word::BITS as usize / 8); /// The max salt length. -pub const SALTBYTES: usize = 2 * size_of::(); +pub const SALTBYTES: usize = 2 * (Word::BITS as usize / 8); /// The max personalization length. -pub const PERSONALBYTES: usize = 2 * size_of::(); +pub const PERSONALBYTES: usize = 2 * (Word::BITS as usize / 8); /// The number input bytes passed to each call to the compression function. Small benchmarks need /// to use an even multiple of `BLOCKBYTES`, or else their apparent throughput will be low. -pub const BLOCKBYTES: usize = 16 * size_of::(); +pub const BLOCKBYTES: usize = 16 * (Word::BITS as usize / 8); const IV: [Word; 8] = [ 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19, diff --git a/blake2/src/blake2s/backend.rs b/blake2/src/blake2s/backend.rs index 73b2c1dba..6b6b17e09 100644 --- a/blake2/src/blake2s/backend.rs +++ b/blake2/src/blake2s/backend.rs @@ -223,7 +223,7 @@ pub(crate) fn count_low(count: Count) -> Word { } pub(crate) fn count_high(count: Count) -> Word { - (count >> (8 * size_of::())) as Word + (count >> (8 * (Word::BITS as usize / 8))) as Word } #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] From 86229382029d208361655421620ba97f2a22aca4 Mon Sep 17 00:00:00 2001 From: Claudia Richoux Date: Sat, 28 Jan 2023 19:19:39 -0500 Subject: [PATCH 5/5] make it a feature --- blake2/Cargo.toml | 3 ++- blake2/src/blake2b.rs | 7 +++++-- blake2/src/blake2b/backend.rs | 3 +++ blake2/src/blake2b/params.rs | 4 +++- blake2/src/blake2b/state.rs | 4 +++- blake2/src/blake2bp.rs | 7 +++++-- blake2/src/blake2s.rs | 7 +++++-- blake2/src/blake2s/backend.rs | 3 +++ blake2/src/blake2s/params.rs | 4 +++- blake2/src/blake2s/state.rs | 4 +++- blake2/src/blake2sp.rs | 7 +++++-- 11 files changed, 40 insertions(+), 13 deletions(-) diff --git a/blake2/Cargo.toml b/blake2/Cargo.toml index 16939396b..9bba9024c 100644 --- a/blake2/Cargo.toml +++ b/blake2/Cargo.toml @@ -18,7 +18,7 @@ crypto-mac = "0.8" digest = "0.9" opaque-debug = "0.3" subtle = { version = ">=2, <2.5", default-features = false } -zeroize = { version = "1.5.7", features = ["zeroize_derive"] } +zeroize = { version = "1.5.7", features = ["zeroize_derive"], default-features = false, optional = true } [dev-dependencies] crypto-mac = { version = "0.8", features = ["dev"] } @@ -40,6 +40,7 @@ blake2s = [] # performance. This feature disables some inlining, improving the performance # of the portable implementation in that specific case. uninline_portable = [] +zeroize = ["zeroize/zeroize_derive"] [package.metadata.docs.rs] all-features = true diff --git a/blake2/src/blake2b.rs b/blake2/src/blake2b.rs index e4ccb1065..6d837bf02 100644 --- a/blake2/src/blake2b.rs +++ b/blake2/src/blake2b.rs @@ -44,6 +44,7 @@ use digest::{ generic_array::GenericArray, BlockInput, FixedOutputDirty, InvalidOutputSize, Reset, Update, VariableOutputDirty, }; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; pub(crate) type Word = u64; @@ -109,7 +110,8 @@ pub fn blake2b(input: &[u8]) -> Hash { } /// Blake2b instance with a fixed output. -#[derive(Clone, Default, ZeroizeOnDrop)] +#[derive(Clone, Default)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct Blake2b { params: Params, state: State, @@ -193,7 +195,8 @@ opaque_debug::implement!(Blake2b); digest::impl_write!(Blake2b); /// Blake2b instance with a variable output. -#[derive(Clone, Default, ZeroizeOnDrop)] +#[derive(Clone, Default)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct VarBlake2b { params: Params, state: State, diff --git a/blake2/src/blake2b/backend.rs b/blake2/src/blake2b/backend.rs index 613d15ad3..c9a11a12b 100644 --- a/blake2/src/blake2b/backend.rs +++ b/blake2/src/blake2b/backend.rs @@ -9,6 +9,7 @@ mod sse41; use super::*; use arrayref::array_ref; use core::cmp; +#[cfg(feature = "zeroize")] use zeroize::Zeroize; #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] @@ -139,6 +140,7 @@ impl Implementation { } } +#[cfg(feature = "zeroize")] impl Zeroize for Implementation { fn zeroize(&mut self) { // Nothing to do. @@ -188,6 +190,7 @@ pub enum LastNode { No, } +#[cfg(feature = "zeroize")] impl Zeroize for LastNode { fn zeroize(&mut self) { // Nothing to do. diff --git a/blake2/src/blake2b/params.rs b/blake2/src/blake2b/params.rs index 16ff89e79..f910edc49 100644 --- a/blake2/src/blake2b/params.rs +++ b/blake2/src/blake2b/params.rs @@ -3,6 +3,7 @@ use super::{ }; use arrayref::array_refs; use core::fmt; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; /// A parameter builder that exposes all the non-default BLAKE2 features. @@ -29,7 +30,8 @@ use zeroize::ZeroizeOnDrop; /// // Or use those params to build an incremental State. /// let mut state = params.to_state(); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct Params { pub(super) hash_length: u8, pub(super) key_length: u8, diff --git a/blake2/src/blake2b/state.rs b/blake2/src/blake2b/state.rs index 7e77aeee9..4fb686ede 100644 --- a/blake2/src/blake2b/state.rs +++ b/blake2/src/blake2b/state.rs @@ -2,6 +2,7 @@ use super::{backend, Count, Hash, Params, Word, BLOCKBYTES, OUTBYTES}; use arrayref::mut_array_refs; use core::{cmp, fmt, mem::size_of}; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; /// An incremental hasher for BLAKE2b. @@ -21,7 +22,8 @@ use zeroize::ZeroizeOnDrop; /// state.update(b"bar"); /// assert_eq!(blake2b(b"foobar"), state.finalize()); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct State { pub(super) words: [Word; 8], pub(super) count: Count, diff --git a/blake2/src/blake2bp.rs b/blake2/src/blake2bp.rs index 64b409213..7f61cd337 100644 --- a/blake2/src/blake2bp.rs +++ b/blake2/src/blake2bp.rs @@ -26,6 +26,7 @@ use crate::blake2b::{ many, state, Count, Hash, Word, BLOCKBYTES, KEYBYTES, OUTBYTES, }; use core::{cmp, fmt, mem::size_of}; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; pub(crate) const DEGREE: usize = 4; @@ -59,7 +60,8 @@ pub fn blake2bp(input: &[u8]) -> Hash { /// use blake2::blake2bp; /// let mut state = blake2bp::Params::new().hash_length(32).to_state(); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct Params { hash_length: u8, key_length: u8, @@ -207,7 +209,8 @@ impl fmt::Debug for Params { /// dfa3205f7f7f71e4f0673d25fa82a368488911f446bccd323af3ab03f53e56e5"; /// assert_eq!(expected, &hash.to_hex()); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct State { leaf_words: [[Word; 8]; DEGREE], root_words: [Word; 8], diff --git a/blake2/src/blake2s.rs b/blake2/src/blake2s.rs index bf9732ab9..3851ccc62 100644 --- a/blake2/src/blake2s.rs +++ b/blake2/src/blake2s.rs @@ -43,6 +43,7 @@ use digest::{ generic_array::GenericArray, BlockInput, FixedOutputDirty, InvalidOutputSize, Reset, Update, VariableOutputDirty, }; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; pub(crate) type Word = u32; @@ -98,7 +99,8 @@ pub fn blake2s(input: &[u8]) -> Hash { } /// Blake2s instance with a fixed output. -#[derive(Clone, Default, ZeroizeOnDrop)] +#[derive(Clone, Default)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct Blake2s { params: Params, state: State, @@ -182,7 +184,8 @@ opaque_debug::implement!(Blake2s); digest::impl_write!(Blake2s); /// Blake2s instance with a variable output. -#[derive(Clone, Default, ZeroizeOnDrop)] +#[derive(Clone, Default)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct VarBlake2s { params: Params, state: State, diff --git a/blake2/src/blake2s/backend.rs b/blake2/src/blake2s/backend.rs index 6b6b17e09..4da0ff888 100644 --- a/blake2/src/blake2s/backend.rs +++ b/blake2/src/blake2s/backend.rs @@ -9,6 +9,7 @@ mod sse41; use super::*; use arrayref::array_ref; use core::cmp; +#[cfg(feature = "zeroize")] use zeroize::Zeroize; #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] @@ -137,6 +138,7 @@ impl Implementation { } } +#[cfg(feature = "zeroize")] impl Zeroize for Implementation { fn zeroize(&mut self) { // Nothing to do. @@ -186,6 +188,7 @@ pub enum LastNode { No, } +#[cfg(feature = "zeroize")] impl Zeroize for LastNode { fn zeroize(&mut self) { // Nothing to do. diff --git a/blake2/src/blake2s/params.rs b/blake2/src/blake2s/params.rs index 37009148a..97c81ec02 100644 --- a/blake2/src/blake2s/params.rs +++ b/blake2/src/blake2s/params.rs @@ -3,6 +3,7 @@ use super::{ }; use arrayref::array_refs; use core::fmt; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; /// A parameter builder that exposes all the non-default BLAKE2 features. @@ -29,7 +30,8 @@ use zeroize::ZeroizeOnDrop; /// // Or use those params to build an incremental State. /// let mut state = params.to_state(); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct Params { pub(super) hash_length: u8, pub(super) key_length: u8, diff --git a/blake2/src/blake2s/state.rs b/blake2/src/blake2s/state.rs index 4d456a652..e0c7e951c 100644 --- a/blake2/src/blake2s/state.rs +++ b/blake2/src/blake2s/state.rs @@ -1,6 +1,7 @@ use super::{backend, Count, Hash, Params, Word, BLOCKBYTES, OUTBYTES}; use arrayref::mut_array_refs; use core::{cmp, fmt, mem::size_of}; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; /// An incremental hasher for BLAKE2s. @@ -20,7 +21,8 @@ use zeroize::ZeroizeOnDrop; /// state.update(b"bar"); /// assert_eq!(blake2s(b"foobar"), state.finalize()); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct State { pub(super) words: [Word; 8], pub(super) count: Count, diff --git a/blake2/src/blake2sp.rs b/blake2/src/blake2sp.rs index 93504251f..b4731ee05 100644 --- a/blake2/src/blake2sp.rs +++ b/blake2/src/blake2sp.rs @@ -26,6 +26,7 @@ use crate::blake2s::{ many, state, Count, Hash, Word, BLOCKBYTES, KEYBYTES, OUTBYTES, }; use core::{cmp, fmt, mem::size_of}; +#[cfg(feature = "zeroize")] use zeroize::ZeroizeOnDrop; pub(crate) const DEGREE: usize = 8; @@ -58,7 +59,8 @@ pub fn blake2sp(input: &[u8]) -> Hash { /// use blake2::blake2sp; /// let mut state = blake2sp::Params::new().hash_length(32).to_state(); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct Params { hash_length: u8, key_length: u8, @@ -214,7 +216,8 @@ impl fmt::Debug for Params { /// let expected = "268120e51df583c61d6bfb7915f1c8ead299696c42f413092cd0b2247e1a388d"; /// assert_eq!(expected, &hash.to_hex()); /// ``` -#[derive(Clone, ZeroizeOnDrop)] +#[derive(Clone)] +#[cfg_attr(feature = "zeroize", derive(ZeroizeOnDrop))] pub struct State { leaf_words: [[Word; 8]; DEGREE], root_words: [Word; 8],