Corrected security relevant bug

Hannes 2021-06-18 14:14:30 +02:00
parent 8c0fe153be
commit c10a68bd43
3 changed files with 11 additions and 12 deletions


@ -6,7 +6,7 @@ homepage = "https://github.com/Dione-Software/double-ratchet-2"
repository = "https://github.com/Dione-Software/double-ratchet-2"
readme = "README.md"
keywords = ["double-ratchet", "crypto", "cryptography", "signal"]
version = "0.3.1"
version = "0.3.2"
edition = "2018"
license = "MIT"


@ -17,14 +17,15 @@ pub struct DhKeyPair {
impl Drop for DhKeyPair {
fn drop(&mut self) {
core::mem::drop(&mut self.private_key);
core::mem::drop(&mut self.public_key);
self.private_key = SecretKey::random(&mut OsRng);
self.public_key = self.private_key.public_key();
}
}
impl Zeroize for DhKeyPair {
fn zeroize(&mut self) {
core::mem::drop(self);
self.private_key = SecretKey::random(&mut OsRng);
self.public_key = self.private_key.public_key();
}
}
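Review bot: The wipe in both `drop` and `zeroize` of `DhKeyPair` is an ordinary field assignment rather than a volatile write, so whether the old scalar is really cleared depends on `SecretKey`'s own `Drop`, which is not visible here; without it the compiler may elide a store into a value that is about to die. The two bodies are also identical, so `Drop` could be reduced to `fn drop(&mut self) { self.zeroize(); }`, leaving one wiping path to audit. Generating a key in the destructor puts an `OsRng` call and a public-key derivation on every drop, and an RNG failure there would presumably panic inside `drop`. A comment should say why a random overwrite was chosen over the key type's own zeroize-on-drop.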


@ -2,7 +2,7 @@
//!
use crate::dh::DhKeyPair;
use p256::PublicKey;
use p256::{PublicKey, SecretKey};
use hashbrown::HashMap;
use crate::kdf_root::{kdf_rk, kdf_rk_he};
use crate::header::Header;
@ -11,6 +11,7 @@ use crate::kdf_chain::kdf_ck;
use crate::aead::{encrypt, decrypt};
use alloc::string::ToString;
use zeroize::Zeroize;
use rand_core::OsRng;
const MAX_SKIP: usize = 100;
@ -31,12 +32,10 @@ pub struct Ratchet {
impl Drop for Ratchet {
fn drop(&mut self) {
core::mem::drop(&mut self.dhs);
match self.dhr {
Some(d) => {
core::mem::drop(d);
},
None => {}
self.dhs.zeroize();
if let Some(mut _d) = self.dhr {
let sk = SecretKey::random(&mut OsRng);
_d = sk.public_key()
}
self.rk.zeroize();
self.ckr.zeroize();
@ -181,7 +180,6 @@ pub struct RatchetEncHeader {
impl Zeroize for RatchetEncHeader {
fn zeroize(&mut self) {
self.dhs.zeroize();
core::mem::drop(self.dhr);
self.rk.zeroize();
self.cks.zeroize();
self.ckr.zeroize();
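Review bot: In `Drop for Ratchet`, `if let Some(mut _d) = self.dhr` binds `_d` by value, so `_d = sk.public_key()` overwrites a local copy and leaves `self.dhr` unchanged. That the field is `Copy` is inferred: the pattern would not otherwise compile behind `&mut self`. If the field is meant to be cleared, write through it with `if let Some(d) = self.dhr.as_mut() { *d = SecretKey::random(&mut OsRng).public_key(); }`, or simply `self.dhr = None;`, since a public key needs no random replacement. The `RatchetEncHeader::zeroize` hunk removes its `dhr` line with no replacement, so the two types should agree on whether `dhr` is cleared at all. The body of `drop` continues past the end of its hunk.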