Added zeroize (not complete yet) and moved to new repo.

Cargo.toml

@@ -2,18 +2,18 @@
 name = "double-ratchet-2"
 authors = ["Hannes Furmans"]
 description = "Implementation of Double Ratchet as specified by Signal."
-homepage = "https://github.com/Decentrailzed-Communication-System/double-ratchet-2"
+homepage = "https://github.com/Dione-Software/double-ratchet-2"
-repository = "https://github.com/Decentrailzed-Communication-System/double-ratchet-2"
+repository = "https://github.com/Dione-Software/double-ratchet-2"
 readme = "README.md"
 keywords = ["double-ratchet", "crypto", "cryptography", "signal"]
-version = "0.3.0"
+version = "0.3.1"
 edition = "2018"
 license = "MIT"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-p256 = {version = "0.8.1", features = ["zeroize", "ecdh", "arithmetic", "pem"]}
+p256 = {version = "0.9", features = ["zeroize", "ecdh", "arithmetic", "pem"]}
 rand_core = {version = "0.6", features = ["getrandom"]}
 hkdf = "0.11.0"
 hmac = "0.11.0"
@@ -24,6 +24,7 @@ serde = {version = "1.0.125", default-features = false, features = ["derive"]}
 serde_bytes = "0.11.5"
 bincode = "1.3.3"
 hashbrown = "0.11.2"
+zeroize = {version = "1.3.0", features = ["zeroize_derive"]}
 
 [dev-dependencies]
 criterion = "0.3.4"

README.md

@@ -1,12 +1,13 @@
 # double-ratchet-2
 
 [![Crate](https://img.shields.io/crates/v/double-ratchet-2)](https://crates.io/crates/double-ratchet-2)
-[![License](https://img.shields.io/github/license/Decentrailzed-Communication-System/double-ratchet-2)](https://github.com/Decentrailzed-Communication-System/double-ratchet-2/blob/main/LICENSE)
+[![License](https://img.shields.io/github/license/Dione-Software/double-ratchet-2)](https://github.com/Dione-Software/double-ratchet-2/blob/main/LICENSE)
-[![Actions](https://img.shields.io/github/workflow/status/Decentrailzed-Communication-System/double-ratchet-2/Rust)](https://github.com/Decentrailzed-Communication-System/double-ratchet-2/actions)
+[![Actions](https://img.shields.io/github/workflow/status/Dione-Software/double-ratchet-2/Rust)](https://github.com/Dione-Software/double-ratchet-2/actions)
 
 Implementation of the double ratchet system/encryption as specified by [Signal][1].
 
 The implementation follows the cryptographic recommendations provided by [Signal][2].
+The AEAD Algorithm uses a constant Nonce. This might be changed in the future.
 
 ## Example Usage:
 

src/dh.rs

@@ -8,11 +8,26 @@ use alloc::vec::Vec;
 use alloc::string::ToString;
 use p256::elliptic_curve::ecdh::diffie_hellman;
 
+use zeroize::Zeroize;
+
 pub struct DhKeyPair {
     pub private_key: SecretKey,
     pub public_key: PublicKey,
 }
 
+impl Drop for DhKeyPair {
+    fn drop(&mut self) {
+        core::mem::drop(&mut self.private_key);
+        core::mem::drop(&mut self.public_key);
+    }
+}
+
+impl Zeroize for DhKeyPair {
+    fn zeroize(&mut self) {
+        core::mem::drop(self);
+    }
+}
+
 impl DhKeyPair {
     fn ex_public_key_bytes(&self) -> Vec<u8> {
         self.public_key.to_string().as_bytes().to_vec()
@@ -49,7 +64,7 @@ impl Default for DhKeyPair {
 impl DhKeyPair {
     pub fn new() -> Self {
         let secret = SecretKey::random(&mut OsRng);
-        let public = PublicKey::from_secret_scalar(&secret.secret_scalar());
+        let public = PublicKey::from_secret_scalar(&secret.to_secret_scalar());
         DhKeyPair {
             private_key: secret,
             public_key: public,
@@ -57,7 +72,7 @@ impl DhKeyPair {
     }
 
     pub fn key_agreement(&self, public_key: &PublicKey) -> SharedSecret {
-        diffie_hellman(self.private_key.secret_scalar(), public_key.as_affine())
+        diffie_hellman(self.private_key.to_secret_scalar(), public_key.as_affine())
     }
 }
 

src/header.rs

@@ -10,15 +10,17 @@ use aes_gcm_siv::aead::{NewAead, AeadInPlace};
 use crate::dh::gen_key_pair;
 use alloc::string::{ToString, String};
 use core::str::FromStr;
+use zeroize::Zeroize;
 
-#[derive(Debug, Copy, Clone)]
+#[derive(Debug, Clone)]
 pub struct Header {
     pub public_key: PublicKey,
     pub pn: usize, // Previous Chain Length
     pub n: usize, // Message Number
 }
 
-#[derive(Serialize, Deserialize, Debug)]
+#[derive(Serialize, Deserialize, Debug, Zeroize)]
+#[zeroize(drop)]
 struct ExHeader {
     #[serde(with = "serde_bytes")]
     ad: Vec<u8>,
@@ -82,7 +84,7 @@ impl Header {
 impl From<Vec<u8>> for Header {
     fn from(d: Vec<u8>) -> Self {
         let ex_header: ExHeader = bincode::deserialize(&d).unwrap();
-        let public_key_string = String::from_utf8(ex_header.public_key).unwrap();
+        let public_key_string = String::from_utf8(ex_header.public_key.clone()).unwrap();
         Header {
             public_key: PublicKey::from_str(&public_key_string).unwrap(),
             pn: ex_header.pn,
@@ -94,7 +96,7 @@ impl From<Vec<u8>> for Header {
 impl From<&[u8]> for Header {
     fn from(d: &[u8]) -> Self {
         let ex_header: ExHeader = bincode::deserialize(d).unwrap();
-        let public_key_string = String::from_utf8(ex_header.public_key).unwrap();
+        let public_key_string = String::from_utf8(ex_header.public_key.clone()).unwrap();
         Header {
             public_key: PublicKey::from_str(&public_key_string).unwrap(),
             pn: ex_header.pn,

src/lib.rs

@@ -1,6 +1,6 @@
 //! [![Crate](https://img.shields.io/crates/v/double-ratchet-2)](https://crates.io/crates/double-ratchet-2)
-//! [![License](https://img.shields.io/github/license/Decentrailzed-Communication-System/double-ratchet-2)](https://github.com/Decentrailzed-Communication-System/double-ratchet-2/blob/main/LICENSE)
+//! [![License](https://img.shields.io/github/license/Dione-Software/double-ratchet-2)](https://github.com/Dione-Software/double-ratchet-2/blob/main/LICENSE)
-//! [![Actions](https://img.shields.io/github/workflow/status/Decentrailzed-Communication-System/double-ratchet-2/Rust)](https://github.com/Decentrailzed-Communication-System/double-ratchet-2/actions)
+//! [![Actions](https://img.shields.io/github/workflow/status/Dione-Software/double-ratchet-2/Rust)](https://github.com/Dione-Software/double-ratchet-2/actions)
 //!
 //! Implementation of the double ratchet system/encryption as specified by [Signal][1].
 //!

src/ratchet.rs

@@ -10,6 +10,7 @@ use alloc::vec::Vec;
 use crate::kdf_chain::kdf_ck;
 use crate::aead::{encrypt, decrypt};
 use alloc::string::ToString;
+use zeroize::Zeroize;
 
 const MAX_SKIP: usize = 100;
 
@@ -28,6 +29,25 @@ pub struct Ratchet {
     mkskipped: HashMap<(Vec<u8>, usize), [u8; 32]>,
 }
 
+impl Drop for Ratchet {
+    fn drop(&mut self) {
+        core::mem::drop(&mut self.dhs);
+        match self.dhr {
+            Some(d) => {
+                core::mem::drop(d);
+            },
+            None => {}
+        }
+        self.rk.zeroize();
+        self.ckr.zeroize();
+        self.cks.zeroize();
+        self.ns.zeroize();
+        self.nr.zeroize();
+        self.pn.zeroize();
+        self.mkskipped.clear();
+    }
+}
+
 impl Ratchet {
     /// Init Ratchet with other [PublicKey]. Initialized second.
     pub fn init_alice(sk: [u8; 32], bob_dh_public_key: PublicKey) -> Self {
@@ -158,6 +178,31 @@ pub struct RatchetEncHeader {
     mkskipped: HashMap<(Option<[u8; 32]>, usize), [u8; 32]>
 }
 
+impl Zeroize for RatchetEncHeader {
+    fn zeroize(&mut self) {
+        self.dhs.zeroize();
+        core::mem::drop(self.dhr);
+        self.rk.zeroize();
+        self.cks.zeroize();
+        self.ckr.zeroize();
+        self.ns.zeroize();
+        self.nr.zeroize();
+        self.pn.zeroize();
+        self.hks.zeroize();
+        self.hkr.zeroize();
+        self.nhks.zeroize();
+        self.nhkr.zeroize();
+        self.mkskipped.clear();
+
+    }
+}
+
+impl Drop for RatchetEncHeader {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 impl RatchetEncHeader {
     pub fn init_alice(sk: [u8; 32],
                       bob_dh_public_key: PublicKey,