diff --git a/Cargo.toml b/Cargo.toml
index 2867e0b..9b0422b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ homepage = "https://github.com/Dione-Software/double-ratchet-2"
 repository = "https://github.com/Dione-Software/double-ratchet-2"
 readme = "README.md"
 keywords = ["double-ratchet", "crypto", "cryptography", "signal"]
-version = "0.3.1"
+version = "0.3.2"
 edition = "2018"
 license = "MIT"
diff --git a/src/dh.rs b/src/dh.rs
index 89c4fe2..17863c4 100644
--- a/src/dh.rs
+++ b/src/dh.rs
@@ -17,14 +17,15 @@ pub struct DhKeyPair {
 impl Drop for DhKeyPair {
 fn drop(&mut self) {
- core::mem::drop(&mut self.private_key);
- core::mem::drop(&mut self.public_key);
+ self.private_key = SecretKey::random(&mut OsRng);
+ self.public_key = self.private_key.public_key();
 }
 }
 impl Zeroize for DhKeyPair {
 fn zeroize(&mut self) {
- core::mem::drop(self);
+ self.private_key = SecretKey::random(&mut OsRng);
+ self.public_key = self.private_key.public_key();
 }
 }
diff --git a/src/ratchet.rs b/src/ratchet.rs
index 4590562..7e2033e 100644
--- a/src/ratchet.rs
+++ b/src/ratchet.rs
@@ -2,7 +2,7 @@
 //!
 use crate::dh::DhKeyPair;
-use p256::PublicKey;
+use p256::{PublicKey, SecretKey};
 use hashbrown::HashMap;
 use crate::kdf_root::{kdf_rk, kdf_rk_he};
 use crate::header::Header;
@@ -11,6 +11,7 @@ use crate::kdf_chain::kdf_ck;
 use crate::aead::{encrypt, decrypt};
 use alloc::string::ToString;
 use zeroize::Zeroize;
+use rand_core::OsRng;
 const MAX_SKIP: usize = 100;
@@ -31,12 +32,10 @@ pub struct Ratchet {
 impl Drop for Ratchet {
 fn drop(&mut self) {
- core::mem::drop(&mut self.dhs);
- match self.dhr {
- Some(d) => {
- core::mem::drop(d);
- },
- None => {}
+ self.dhs.zeroize();
+ if let Some(mut _d) = self.dhr {
+ let sk = SecretKey::random(&mut OsRng);
+ _d = sk.public_key()
 }
 self.rk.zeroize();
 self.ckr.zeroize();
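Review bot: In src/dh.rs, `Drop::drop` and `Zeroize::zeroize` for `DhKeyPair` repeat the same two assignments, and neither says where the old scalar is actually erased. Overwriting the field only wipes the previous key if the replaced `SecretKey` value clears its own memory when it is dropped, which is not visible in this hunk and should be confirmed for the pinned p256 version. I would have `drop` call `self.zeroize();` and put a comment on `zeroize` such as `// Erasure relies on SecretKey wiping itself when the old value is dropped by this assignment.` Drawing from `OsRng` inside `drop` also means a failing OS RNG can panic during drop, which is worth stating in the same comment.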
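Review bot: In `Drop for Ratchet` (src/ratchet.rs), `if let Some(mut _d) = self.dhr` binds a copy of the key, so `_d = sk.public_key()` overwrites only the local and `self.dhr` is left unchanged; the old by-value `match self.dhr` on `&mut self` implies `PublicKey` is `Copy`. The block also generates a throwaway `SecretKey` from `OsRng` on every drop. Since `dhr` appears to be the peer's public key rather than secret material, `self.dhr = None;` does what the block intends, and the `SecretKey` and `rand_core::OsRng` imports added in the two earlier hunks of this file would then be unused. The body of `drop` continues past the end of the hunk.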
@@ -181,7 +180,6 @@ pub struct RatchetEncHeader {
 impl Zeroize for RatchetEncHeader {
 fn zeroize(&mut self) {
 self.dhs.zeroize();
- core::mem::drop(self.dhr);
 self.rk.zeroize();
 self.cks.zeroize();
 self.ckr.zeroize();