add zeroize API to AES port

this was missed on an earlier pass
betrusted-io · Feb 10, 2024 · a3f8ff6 · a3f8ff6
1 parent eb26e53
commit a3f8ff6
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/services/aes/Cargo.toml b/services/aes/Cargo.toml
@@ -8,6 +8,7 @@ description = "AES library for Xous"
 # Dependency versions enforced by Cargo.lock.
 [dependencies]
 cipher = "0.4.2"
+zeroize = { version = "1.6.0", optional = true, default_features = false }
 
 [features]
 hazmat = []  # Expose cryptographically hazardous APIs

diff --git a/services/aes/src/soft.rs b/services/aes/src/soft.rs
@@ -107,6 +107,17 @@ macro_rules! define_aes_impl {
             fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str(stringify!($name)) }
         }
 
+        impl Drop for $name {
+            #[inline]
+            fn drop(&mut self) {
+                #[cfg(feature = "zeroize")]
+                zeroize::Zeroize::zeroize(&mut self.keys);
+            }
+        }
+
+        #[cfg(feature = "zeroize")]
+        impl zeroize::ZeroizeOnDrop for $name {}
+
         #[doc=$doc]
         ///block cipher (encrypt-only)
         #[derive(Clone)]
@@ -155,6 +166,9 @@ macro_rules! define_aes_impl {
             }
         }
 
+        #[cfg(feature = "zeroize")]
+        impl zeroize::ZeroizeOnDrop for $name_enc {}
+
         #[doc=$doc]
         ///block cipher (decrypt-only)
         #[derive(Clone)]
@@ -213,6 +227,9 @@ macro_rules! define_aes_impl {
             }
         }
 
+        #[cfg(feature = "zeroize")]
+        impl zeroize::ZeroizeOnDrop for $name_dec {}
+
         pub(crate) struct $name_back_enc<'a>(&'a $name);
 
         impl<'a> BlockSizeUser for $name_back_enc<'a> {