From 2f1343cc65a3c2ff70ef091fcc56c0e32f1a26e9 Mon Sep 17 00:00:00 2001 From: brentstone Date: Thu, 23 Jun 2022 12:33:26 +0200 Subject: [PATCH 1/4] changes to Cargo.toml and Cargo.lock from adding latest version of zeroize crate --- Cargo.lock | 50 ++++++++++++++++----------- shared/Cargo.toml | 1 + wasm/checksums.json | 34 +++++++++--------- wasm/tx_template/Cargo.lock | 5 +-- wasm/vp_template/Cargo.lock | 5 +-- wasm/wasm_source/Cargo.lock | 5 +-- wasm_for_tests/wasm_source/Cargo.lock | 5 +-- 7 files changed, 60 insertions(+), 45 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 31d67389e0..b10595dcad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -34,7 +34,7 @@ checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8" dependencies = [ "cfg-if 1.0.0", "cipher", - "cpufeatures", + "cpufeatures 0.2.2", "opaque-debug 0.3.0", ] @@ -910,13 +910,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chacha20" -version = "0.7.3" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f08493fa7707effc63254c66c6ea908675912493cd67952eda23c09fae2610b1" +checksum = "fee7ad89dc1128635074c268ee661f90c3f7e83d9fd12910608c36b47d6c3412" dependencies = [ "cfg-if 1.0.0", "cipher", - "cpufeatures", + "cpufeatures 0.1.5", "zeroize", ] @@ -928,17 +928,17 @@ checksum = "01b72a433d0cf2aef113ba70f62634c56fddb0f244e6377185c56a7cadbd8f91" dependencies = [ "cfg-if 1.0.0", "cipher", - "cpufeatures", + "cpufeatures 0.2.2", ] [[package]] name = "chacha20poly1305" -version = "0.8.2" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6547abe025f4027edacd9edaa357aded014eecec42a5070d9b885c3c334aba2" +checksum = "1580317203210c517b6d44794abfbe600698276db18127e37ad3e69bf5e848e5" dependencies = [ "aead", - "chacha20 0.7.3", + "chacha20 0.7.1", "cipher", "poly1305", "zeroize", 
@@ -1123,6 +1123,15 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" +[[package]] +name = "cpufeatures" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66c99696f6c9dd7f35d486b9d04d7e6e202aa3e8c40d553f2fdf5e7e0c6a71ef" +dependencies = [ + "libc", +] + [[package]] name = "cpufeatures" version = "0.2.2" @@ -1376,9 +1385,9 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "3.2.1" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90f9d052967f590a76e62eb387bd0bbb1b000182c3cefe5364db6b7211651bc0" +checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" dependencies = [ "byteorder", "digest 0.9.0", @@ -3928,6 +3937,7 @@ dependencies = [ "wasmer-engine-universal", "wasmer-vm", "wasmparser 0.83.0", + "zeroize", ] [[package]] @@ -4752,7 +4762,7 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "048aeb476be11a4b6ca432ca569e375810de9294ae78f4774e78ea98a9246ede" dependencies = [ - "cpufeatures", + "cpufeatures 0.2.2", "opaque-debug 0.3.0", "universal-hash", ] @@ -4764,7 +4774,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8419d2b623c7c0896ff2d5d96e2cb4ede590fed28fcc34934f4c33c036e620a1" dependencies = [ "cfg-if 1.0.0", - "cpufeatures", + "cpufeatures 0.2.2", "opaque-debug 0.3.0", "universal-hash", ] @@ -5922,7 +5932,7 @@ checksum = "99cd6713db3cf16b6c84e06321e049a9b9f699826e16096d23bbcc44d15d51a6" dependencies = [ "block-buffer 0.9.0", "cfg-if 1.0.0", - "cpufeatures", + "cpufeatures 0.2.2", "digest 0.9.0", "opaque-debug 0.3.0", ] 
@@ -5934,7 +5944,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f" dependencies = [ "cfg-if 1.0.0", - "cpufeatures", + "cpufeatures 0.2.2", "digest 0.10.3", ] @@ -5958,7 +5968,7 @@ checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" dependencies = [ "block-buffer 0.9.0", "cfg-if 1.0.0", - "cpufeatures", + "cpufeatures 0.2.2", "digest 0.9.0", "opaque-debug 0.3.0", ] @@ -5970,7 +5980,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676" dependencies = [ "cfg-if 1.0.0", - "cpufeatures", + "cpufeatures 0.2.2", "digest 0.10.3", ] @@ -8236,9 +8246,9 @@ dependencies = [ [[package]] name = "x25519-dalek" -version = "1.2.0" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2392b6b94a576b4e2bf3c5b2757d63f10ada8020a2e4d08ac849ebcf6ea8e077" +checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f" dependencies = [ "curve25519-dalek", "rand_core 0.5.1", @@ -8279,9 +8289,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.3.0" +version = "1.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd" +checksum = "94693807d016b2f2d2e14420eb3bfcca689311ff775dcf113d74ea624b7cdf07" dependencies = [ "zeroize_derive", ] diff --git a/shared/Cargo.toml b/shared/Cargo.toml index d63acc035f..570bb4a8e3 100644 --- a/shared/Cargo.toml +++ b/shared/Cargo.toml @@ -116,6 +116,7 @@ wasmer-engine-dylib = {version = "=2.2.0", optional = true} wasmer-engine-universal = {version = "=2.2.0", optional = true} wasmer-vm = {version = "2.2.0", optional = true} wasmparser = "0.83.0" +zeroize = "1.5.5" [dev-dependencies] assert_matches = "1.5.0" 
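Review bot: Adding `zeroize = "1.5.5"` to shared/Cargo.toml is not lockfile-neutral: the Cargo.lock hunks in this same patch move chacha20 from 0.7.3 to 0.7.1, chacha20poly1305 from 0.8.2 to 0.8.0, curve25519-dalek from 3.2.1 to 3.2.0 and x25519-dalek from 1.2.0 to 1.1.1, and add a second cpufeatures (0.1.5). These crates do the actual cryptography, so the commit message should state that the downgrade is intentional (presumably the newer releases cap their zeroize requirement, which is worth confirming) and that the dropped patch releases contain no fixes this project relies on. The wasm lockfiles later in the patch resolve zeroize to 1.5.7 while the root lockfile resolves 1.5.5; if a single version is intended, regenerate them together. A comment beside the new dependency, such as `# zeroize 1.5.x makes cargo select older chacha20 / curve25519-dalek / x25519-dalek, see Cargo.lock`, would keep the reason visible to the next person who updates it.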
diff --git a/wasm/checksums.json b/wasm/checksums.json index 1495d6f6f5..be2bac12bf 100644 --- a/wasm/checksums.json +++ b/wasm/checksums.json 
@@ -1,19 +1,19 @@ { - "tx_bond.wasm": "tx_bond.302172cc7d0a7e2278ce58299809875f354925364b25c9b64e92461995c51950.wasm", - "tx_from_intent.wasm": "tx_from_intent.19099ad11a5f59272bd5dbd8b7bc7093ae66ae7a2b25034300f1b34d3e37ffd1.wasm", - "tx_ibc.wasm": "tx_ibc.9aec1969a37705f9ae5d6e95d13126e0f37e78171ef37c2f0fdd0eb16ac49270.wasm", - "tx_init_account.wasm": "tx_init_account.7a45233a98978c67ff005bf8a1fb8f3f7689a75f98684c1735617776f98fabad.wasm", - "tx_init_nft.wasm": "tx_init_nft.b0dd29e0e982c3bd04c7a8c4dcd0184d9d827df6a4211794dd74fbdced1e7430.wasm", - "tx_init_proposal.wasm": "tx_init_proposal.45be75dc2c22048dce23ae346c895b2be19737a39844416436aac62914847388.wasm", - "tx_init_validator.wasm": "tx_init_validator.5a7c9a3a115883359246a4145af11f748ded043b5b36d1cb71e54fb3ef169183.wasm", - "tx_mint_nft.wasm": "tx_mint_nft.fd8932515db71638263193930f60c14cec54c11e72e6ab40d8201d0247db0c1a.wasm", - "tx_transfer.wasm": "tx_transfer.9e51e5b48ba3ddee699fed334e14fe9a81b7e299b0cfcbf10482b9f784c092c2.wasm", - "tx_unbond.wasm": "tx_unbond.020d22fa306850b0a4aade96f711087d03568ed45276fff60226a80de47cc455.wasm", - "tx_update_vp.wasm": "tx_update_vp.00d828bdf510d92d971ca59015945c8c00f285a802a655451cc5ee87c5ee99bc.wasm", - "tx_vote_proposal.wasm": "tx_vote_proposal.b8aa22d6d22c31fa6c1f4619a81eaa43aa40c8865b91f71449a5f3c65b84eacf.wasm", - "tx_withdraw.wasm": "tx_withdraw.b8538e5acfc2945e98b76cc17eb11a03c545021e8f70cf6e5b436219e749b559.wasm", - "vp_nft.wasm": "vp_nft.d272e0c50f17c020fe806e03278e83377ec45b81e88432316ce836ee24605f6e.wasm", - "vp_testnet_faucet.wasm": "vp_testnet_faucet.79c1da702d67f464453af0b145872bba28913b029508f1257b4a22f69123ec1e.wasm", - "vp_token.wasm": "vp_token.04482a8132e91ab726b4a9027f44a84c885c36e3d608e9c4e153d0cfe4f88449.wasm", - "vp_user.wasm": "vp_user.e390d55fc2e797fcc4c43bd40b93ea1c3d58544d5f086301a0dbc38bd93388ba.wasm" + "tx_bond.wasm": "tx_bond.4cf89dcee2f8bdbcd32dbaa775cfc3a555625ded42abc2e14f3ed74f588e48fc.wasm", + "tx_from_intent.wasm": 
"tx_from_intent.4686836f77003d358d503dc87d887eb8fc05d204803c7429a7c8797f1e8a980d.wasm", + "tx_ibc.wasm": "tx_ibc.f9a9eea5f43152e4681c253f051cc4f410e52e7a081af226c87e89940c474941.wasm", + "tx_init_account.wasm": "tx_init_account.401ea88ac321c52f1f4c5ae18c365dbc2c72bf0ae5cc4ca3c4dc0bcf493a39b8.wasm", + "tx_init_nft.wasm": "tx_init_nft.4c632cbea80c534e8da7785d61bd75c1866bbbb34813585789b01343036f6b2d.wasm", + "tx_init_proposal.wasm": "tx_init_proposal.1895eddc512ae33a3151bb4c9221dcbbaa28cade5877550e76f8a2a1b85eed71.wasm", + "tx_init_validator.wasm": "tx_init_validator.ffac85a6e5912e71e40dafdca2f86fdd0c0fb10b7c0269ef2730da4808b0f113.wasm", + "tx_mint_nft.wasm": "tx_mint_nft.4bedacdc1b6c3af4c3c28be51c6bd770abeeb3b5281b9dc85bc49242da119f45.wasm", + "tx_transfer.wasm": "tx_transfer.be41dd45e9e11189f9121a5ac82e3bd3b19e473d7ce7e3fda529fe12e073aa35.wasm", + "tx_unbond.wasm": "tx_unbond.1e2a5b321d52135b74189335e04f338c37189bcfc967032504860cae4e62762c.wasm", + "tx_update_vp.wasm": "tx_update_vp.d47bfe6ef55a86bce36093feeff74fe09ec7cffebf9696dd37658756a4eb793d.wasm", + "tx_vote_proposal.wasm": "tx_vote_proposal.05d61a0b198e2a1c02446e0764c8a1345d1471e20574a4a0b28062fd384e0011.wasm", + "tx_withdraw.wasm": "tx_withdraw.4af4f9a999b607f9941400af4e42c6988b1aef71c8f4764a4df2449551181b3d.wasm", + "vp_nft.wasm": "vp_nft.f6023b1d856727caafdffae5a75eeac46716ae4f75d653c7650226402e426957.wasm", + "vp_testnet_faucet.wasm": "vp_testnet_faucet.d7df80ef8bff74f6788163a2ad4cf36b556df6ef94d5fb18ccc5f8c608a13a48.wasm", + "vp_token.wasm": "vp_token.118aef31933858351cf77315069fc2f7c61e7db8891c7990e77f9ffd6ef90af0.wasm", + "vp_user.wasm": "vp_user.ecfadfe38747b67ae1fa2c590e634cca723a086d24e3dc46d7db66419441478a.wasm" } \ No newline at end of file diff --git a/wasm/tx_template/Cargo.lock b/wasm/tx_template/Cargo.lock index fcda82a6a5..063f40a223 100644 --- a/wasm/tx_template/Cargo.lock +++ b/wasm/tx_template/Cargo.lock 
@@ -1396,6 +1396,7 @@ dependencies = [ "wasmer-engine-universal", "wasmer-vm", "wasmparser 0.83.0", + "zeroize", ] [[package]] @@ -3274,9 +3275,9 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "zeroize" -version = "1.5.3" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50344758e2f40e3a1fcfc8f6f91aa57b5f8ebd8d27919fe6451f15aaaf9ee608" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" dependencies = [ "zeroize_derive", ] diff --git a/wasm/vp_template/Cargo.lock b/wasm/vp_template/Cargo.lock index 3c82e7293e..7dc2e8f86c 100644 --- a/wasm/vp_template/Cargo.lock +++ b/wasm/vp_template/Cargo.lock @@ -1396,6 +1396,7 @@ dependencies = [ "wasmer-engine-universal", "wasmer-vm", "wasmparser 0.83.0", + "zeroize", ] [[package]] @@ -3274,9 +3275,9 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "zeroize" -version = "1.5.3" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50344758e2f40e3a1fcfc8f6f91aa57b5f8ebd8d27919fe6451f15aaaf9ee608" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" dependencies = [ "zeroize_derive", ] diff --git a/wasm/wasm_source/Cargo.lock b/wasm/wasm_source/Cargo.lock index 6b59401588..5a10a7ae4d 100644 --- a/wasm/wasm_source/Cargo.lock +++ b/wasm/wasm_source/Cargo.lock @@ -1396,6 +1396,7 @@ dependencies = [ "wasmer-engine-universal", "wasmer-vm", "wasmparser 0.83.0", + "zeroize", ] [[package]] 
@@ -3289,9 +3290,9 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "zeroize" -version = "1.5.3" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50344758e2f40e3a1fcfc8f6f91aa57b5f8ebd8d27919fe6451f15aaaf9ee608" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" dependencies = [ "zeroize_derive", ] diff --git a/wasm_for_tests/wasm_source/Cargo.lock b/wasm_for_tests/wasm_source/Cargo.lock index 2507c11460..97af2f4415 100644 --- a/wasm_for_tests/wasm_source/Cargo.lock +++ b/wasm_for_tests/wasm_source/Cargo.lock @@ -1407,6 +1407,7 @@ dependencies = [ "wasmer-engine-universal", "wasmer-vm", "wasmparser 0.83.0", + "zeroize", ] [[package]] @@ -3301,9 +3302,9 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "zeroize" -version = "1.5.4" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb5728b8afd3f280a869ce1d4c554ffaed35f45c231fc41bfbd0381bef50317" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" dependencies = [ "zeroize_derive", ] From f9f067455e17f87f91bd0711f5b0fef74d14d3fe Mon Sep 17 00:00:00 2001 From: brentstone Date: Thu, 23 Jun 2022 12:38:14 +0200 Subject: [PATCH 2/4] wrap SigningKey in a Box pointer when placing into SecretKey struct, test that memory is actually zeroized after dropping SecretKey --- shared/src/types/key/ed25519.rs | 21 +++++++++++++++------ shared/src/types/key/mod.rs | 17 +++++++++++++++++ wasm/checksums.json | 30 +++++++++++++++--------------- 3 files changed, 47 insertions(+), 21 deletions(-) diff --git a/shared/src/types/key/ed25519.rs b/shared/src/types/key/ed25519.rs index 12e5093bd2..48db89005a 100644 --- a/shared/src/types/key/ed25519.rs +++ b/shared/src/types/key/ed25519.rs 
@@ -9,6 +9,7 @@ use borsh::{BorshDeserialize, BorshSchema, BorshSerialize}; #[cfg(feature = "rand")] use rand::{CryptoRng, RngCore}; use serde::{Deserialize, Serialize}; +use zeroize::Zeroize; use super::{ ParsePublicKeyError, ParseSecretKeyError, ParseSignatureError, RefTo, @@ -122,8 +123,8 @@ impl FromStr for PublicKey { } /// Ed25519 secret key -#[derive(Debug, Serialize, Deserialize)] -pub struct SecretKey(pub ed25519_consensus::SigningKey); +#[derive(Debug, Serialize, Deserialize, Zeroize)] +pub struct SecretKey(pub Box); impl super::SecretKey for SecretKey { type PublicKey = PublicKey; @@ -157,13 +158,15 @@ impl RefTo for SecretKey { impl Clone for SecretKey { fn clone(&self) -> SecretKey { - SecretKey(ed25519_consensus::SigningKey::from(self.0.to_bytes())) + SecretKey(Box::new(ed25519_consensus::SigningKey::from( + self.0.to_bytes(), + ))) } } impl BorshDeserialize for SecretKey { fn deserialize(buf: &mut &[u8]) -> std::io::Result { - Ok(SecretKey( + Ok(SecretKey(Box::new( ed25519_consensus::SigningKey::try_from( <[u8; SECRET_KEY_LENGTH] as BorshDeserialize>::deserialize( buf, @@ -173,7 +176,7 @@ impl BorshDeserialize for SecretKey { .map_err(|e| { std::io::Error::new(std::io::ErrorKind::InvalidInput, e) })?, - )) + ))) } } @@ -218,6 +221,12 @@ impl FromStr for SecretKey { } } +impl Drop for SecretKey { + fn drop(&mut self) { + self.0.zeroize(); + } +} + /// Ed25519 signature #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)] pub struct Signature(pub ed25519_consensus::Signature); @@ -325,7 +334,7 @@ impl super::SigScheme for SigScheme { where R: CryptoRng + RngCore, { - SecretKey(ed25519_consensus::SigningKey::new(csprng)) + SecretKey(Box::new(ed25519_consensus::SigningKey::new(csprng))) } fn sign(keypair: &SecretKey, data: impl AsRef<[u8]>) -> Self::Signature { diff --git a/shared/src/types/key/mod.rs b/shared/src/types/key/mod.rs index a1343cd7e5..e7571bb050 100644 --- a/shared/src/types/key/mod.rs +++ b/shared/src/types/key/mod.rs 
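Review bot: Only the boxed `SigningKey` is wiped on drop; the by-value copies of the key bytes made in `Clone::clone` (`self.0.to_bytes()`) and in `BorshDeserialize::deserialize` (the `[u8; SECRET_KEY_LENGTH]` handed to `try_from`, whose body spans two hunks here) stay on the stack untouched. Holding them in a wiping wrapper narrows that gap, for example in `clone`: `let bytes = zeroize::Zeroizing::new(self.0.to_bytes());` followed by `SecretKey(Box::new(ed25519_consensus::SigningKey::from(*bytes)))`, and the same for the deserialized array. `SigScheme::generate` has the same shape, since `SigningKey::new(csprng)` is built by value before `Box::new` moves it, so a stale copy may remain there as well. The doc comment on `SecretKey` should say that zeroization is best-effort and covers the heap copy only, e.g. `/// Ed25519 secret key; the boxed key is zeroized on drop, temporaries created while constructing it are not`.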
@@ -415,6 +415,23 @@ macro_rules! sigscheme_test { println!("Public key: {}", public_key); println!("Secret key: {}", secret_key); } + + #[test] + fn zeroize_keypair() { + use rand::thread_rng; + + let sk = ed25519::SecretKey(Box::new( + ed25519_consensus::SigningKey::new(thread_rng()), + )); + let len = sk.0.as_bytes().len(); + let ptr = sk.0.as_bytes().as_ptr(); + + drop(sk); + + assert_eq!(&[0u8; 32], unsafe { + core::slice::from_raw_parts(ptr, len) + }); + } } }; } diff --git a/wasm/checksums.json b/wasm/checksums.json index be2bac12bf..2e55738ba5 100644 --- a/wasm/checksums.json +++ b/wasm/checksums.json 
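Review bot: The new `zeroize_keypair` test reads the key's heap allocation after `drop(sk)` has freed it, so `core::slice::from_raw_parts(ptr, len)` dereferences a dangling pointer; that is undefined behaviour, and the assertion can pass or fail depending on what the allocator does with the freed block. It therefore gives no reliable evidence that the wipe happened, and a checker such as Miri would be expected to reject it. Inspecting the bytes while the value is still alive is sound: with `use zeroize::Zeroize;` in scope, `let mut sk = ...; sk.zeroize(); assert_eq!(sk.0.as_bytes(), &[0u8; 32]);` exercises the same method that the `Drop` impl calls. The same test body is carried over unchanged as `more_tests::zeroize_keypair_ed25519` in patch 3/4, so the fix applies there too. In this hunk the test also names `ed25519::SecretKey` directly although it sits inside the scheme-generic `sigscheme_test!` macro, whose definition starts outside the hunk.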
@@ -1,19 +1,19 @@ { - "tx_bond.wasm": "tx_bond.4cf89dcee2f8bdbcd32dbaa775cfc3a555625ded42abc2e14f3ed74f588e48fc.wasm", - "tx_from_intent.wasm": "tx_from_intent.4686836f77003d358d503dc87d887eb8fc05d204803c7429a7c8797f1e8a980d.wasm", - "tx_ibc.wasm": "tx_ibc.f9a9eea5f43152e4681c253f051cc4f410e52e7a081af226c87e89940c474941.wasm", - "tx_init_account.wasm": "tx_init_account.401ea88ac321c52f1f4c5ae18c365dbc2c72bf0ae5cc4ca3c4dc0bcf493a39b8.wasm", - "tx_init_nft.wasm": "tx_init_nft.4c632cbea80c534e8da7785d61bd75c1866bbbb34813585789b01343036f6b2d.wasm", - "tx_init_proposal.wasm": "tx_init_proposal.1895eddc512ae33a3151bb4c9221dcbbaa28cade5877550e76f8a2a1b85eed71.wasm", - "tx_init_validator.wasm": "tx_init_validator.ffac85a6e5912e71e40dafdca2f86fdd0c0fb10b7c0269ef2730da4808b0f113.wasm", - "tx_mint_nft.wasm": "tx_mint_nft.4bedacdc1b6c3af4c3c28be51c6bd770abeeb3b5281b9dc85bc49242da119f45.wasm", - "tx_transfer.wasm": "tx_transfer.be41dd45e9e11189f9121a5ac82e3bd3b19e473d7ce7e3fda529fe12e073aa35.wasm", - "tx_unbond.wasm": "tx_unbond.1e2a5b321d52135b74189335e04f338c37189bcfc967032504860cae4e62762c.wasm", + "tx_bond.wasm": "tx_bond.e8fcf7413067810f82e1c0f54fdc9675a4c686b172db9c44c714310d3f19baf6.wasm", + "tx_from_intent.wasm": "tx_from_intent.cd5f7af4d3af9300df8dc16e891f39f85d6497a43a2cd74d30d1dc506649291e.wasm", + "tx_ibc.wasm": "tx_ibc.3805f69ceafd60b857a860d26e6fbe2973f309289147cf59c10e0bd65a30057e.wasm", + "tx_init_account.wasm": "tx_init_account.8abb68c5f40fa9ea39f03ddb9c387bc84a642bac4f40c7e9ceebb8418b3ccde7.wasm", + "tx_init_nft.wasm": "tx_init_nft.564390006d7b8f4f46d215704b05561a7279c92a6fe8f3ec61118a5486a3e092.wasm", + "tx_init_proposal.wasm": "tx_init_proposal.5fc912c847cb4d04743b4dea650418a4eae233f4abf91493791a92e3de5050aa.wasm", + "tx_init_validator.wasm": "tx_init_validator.92d11bc1cc27818864e13d122179a199043a274f7bba901b11c6474261eb97eb.wasm", + "tx_mint_nft.wasm": "tx_mint_nft.9f5b723dd4ed195b489b8456a6d83167829f0b2b8fb479be19b877a60b81c803.wasm", + "tx_transfer.wasm": 
"tx_transfer.032bfa997c8f2ee2cc5bf053f0128880a79a57ad3d8c3ecc6ff0c22e27f47ebd.wasm", + "tx_unbond.wasm": "tx_unbond.17444d665b8a7bebb624691eaab318c845c8ce18c557d0af440b7bfdb7efa806.wasm", "tx_update_vp.wasm": "tx_update_vp.d47bfe6ef55a86bce36093feeff74fe09ec7cffebf9696dd37658756a4eb793d.wasm", - "tx_vote_proposal.wasm": "tx_vote_proposal.05d61a0b198e2a1c02446e0764c8a1345d1471e20574a4a0b28062fd384e0011.wasm", - "tx_withdraw.wasm": "tx_withdraw.4af4f9a999b607f9941400af4e42c6988b1aef71c8f4764a4df2449551181b3d.wasm", - "vp_nft.wasm": "vp_nft.f6023b1d856727caafdffae5a75eeac46716ae4f75d653c7650226402e426957.wasm", - "vp_testnet_faucet.wasm": "vp_testnet_faucet.d7df80ef8bff74f6788163a2ad4cf36b556df6ef94d5fb18ccc5f8c608a13a48.wasm", + "tx_vote_proposal.wasm": "tx_vote_proposal.1bee09ffd3a1e577dc9b9d6d5f91c4a6f91a9b2ac9e3a3d8258c00cd12902304.wasm", + "tx_withdraw.wasm": "tx_withdraw.75dbdc78924d8072ffcefaed67715d9480dd9f702ac77cf18ee15d0e44a38ab0.wasm", + "vp_nft.wasm": "vp_nft.3711eac06bda0c39ab52618bc458df7e6b16ed096bb3930b93ade93c9b7cf23a.wasm", + "vp_testnet_faucet.wasm": "vp_testnet_faucet.400be39dcf0fedf099232bdecfa42c2dbe1f0aaede34fb99ec26da3b6623c09a.wasm", "vp_token.wasm": "vp_token.118aef31933858351cf77315069fc2f7c61e7db8891c7990e77f9ffd6ef90af0.wasm", - "vp_user.wasm": "vp_user.ecfadfe38747b67ae1fa2c590e634cca723a086d24e3dc46d7db66419441478a.wasm" + "vp_user.wasm": "vp_user.73136ffcd68e46e2f88d27ae9e48a0731b06d883dd3defcb41b604cc7968c638.wasm" } \ No newline at end of file From bc0e71ae9e3e0974cc199f964a9568a91ffa7a46 Mon Sep 17 00:00:00 2001 From: brentstone Date: Wed, 6 Jul 2022 00:41:27 +0200 Subject: [PATCH 3/4] move zeroize test out of macro (also in advance of incorporating secp256k1) --- shared/src/types/key/mod.rs | 39 +++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/shared/src/types/key/mod.rs b/shared/src/types/key/mod.rs index e7571bb050..9deccf75a9 100644 --- a/shared/src/types/key/mod.rs 
+++ b/shared/src/types/key/mod.rs @@ -415,26 +415,31 @@ macro_rules! sigscheme_test { println!("Public key: {}", public_key); println!("Secret key: {}", secret_key); } - - #[test] - fn zeroize_keypair() { - use rand::thread_rng; - - let sk = ed25519::SecretKey(Box::new( - ed25519_consensus::SigningKey::new(thread_rng()), - )); - let len = sk.0.as_bytes().len(); - let ptr = sk.0.as_bytes().as_ptr(); - - drop(sk); - - assert_eq!(&[0u8; 32], unsafe { - core::slice::from_raw_parts(ptr, len) - }); - } } }; } #[cfg(test)] sigscheme_test! {ed25519_test, ed25519::SigScheme} + +#[cfg(test)] +mod more_tests { + use super::*; + + #[test] + fn zeroize_keypair_ed25519() { + use rand::thread_rng; + + let sk = ed25519::SecretKey(Box::new( + ed25519_consensus::SigningKey::new(thread_rng()), + )); + let len = sk.0.as_bytes().len(); + let ptr = sk.0.as_bytes().as_ptr(); + + drop(sk); + + assert_eq!(&[0u8; 32], unsafe { + core::slice::from_raw_parts(ptr, len) + }); + } +} From 3948c98db41a5e3c38b7b25de870d06bfaab7cb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Zemanovi=C4=8D?= Date: Fri, 5 Aug 2022 16:30:15 +0200 Subject: [PATCH 4/4] changelog: add #277 --- .changelog/unreleased/improvements/277-zeroize-secret-keys.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .changelog/unreleased/improvements/277-zeroize-secret-keys.md diff --git a/.changelog/unreleased/improvements/277-zeroize-secret-keys.md b/.changelog/unreleased/improvements/277-zeroize-secret-keys.md new file mode 100644 index 0000000000..27cb40bf55 --- /dev/null +++ b/.changelog/unreleased/improvements/277-zeroize-secret-keys.md @@ -0,0 +1,2 @@ +- Zeroize secret keys from memory + ([#277](https://github.com/anoma/namada/pull/277)) \ No newline at end of file