

ascon: Add Drop & ZeroizeOnDrop for State
Without zeroizing, a leftover copy of the state allows recovery of any
previously squeezed output. This is because the `ascon` permutation is
invertible: given the complete final state, it can be run backwards.
Hence, access to the complete state is enough to perform this operation.
aewag committed May 19, 2023
1 parent 7cdccab commit 647aeac
Showing 2 changed files with 17 additions and 2 deletions.
3 changes: 3 additions & 0 deletions ascon/Cargo.toml
Expand Up @@ -15,6 +15,9 @@ readme = "README.md"
edition = "2021"
rust-version = "1.56"

[dependencies]
zeroize = { version = "1.6.0", default-features = false, optional=true }

[features]
no_unroll = [] # Do not unroll loops for binary size reduction

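Review bot: The new `zeroize = { version = "1.6.0", ... }` dependency may be incompatible with the `rust-version = "1.56"` declared two lines above it: as far as I recall zeroize 1.6 raised its MSRV to 1.60, so building on the advertised minimum toolchain would fail to compile the optional dependency once the feature is enabled. Either bump `rust-version` accordingly or pin an older zeroize line such as `zeroize = { version = "1.5", default-features = false, optional = true }` — please confirm against zeroize's changelog before choosing. As a point of style, `optional=true` should be spaced like the neighbouring keys: `optional = true`. Since the wiping is opt-in, a short line in the README telling users to enable the `zeroize` feature would make the new guarantee discoverable.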
16 changes: 14 additions & 2 deletions ascon/src/lib.rs
Expand Up @@ -12,6 +12,8 @@
#![warn(missing_docs)]

use core::mem::size_of;
#[cfg(feature = "zeroize")]
use zeroize::{Zeroize, ZeroizeOnDrop};

/// Produce mask for padding.
#[inline(always)]
Expand All @@ -28,7 +30,7 @@ const fn round_constant(round: u64) -> u64 {
/// The state of Ascon's permutation.
///
/// The permutation operates on a state of 320 bits represented as 5 64 bit words.
#[derive(Clone, Copy, Debug, Default)]
#[derive(Clone, Debug, Default)]
pub struct State {
x: [u64; 5],
}
Expand Down Expand Up @@ -262,6 +264,16 @@ impl AsRef<[u64]> for State {
}
}

#[cfg(feature = "zeroize")]
impl Drop for State {
fn drop(&mut self) {
self.x.zeroize();
}
}

#[cfg(feature = "zeroize")]
impl ZeroizeOnDrop for State {}

#[cfg(test)]
mod tests {
use super::*;
Expand Down Expand Up @@ -378,7 +390,7 @@ mod tests {
0xabcdef0123456789,
0x89abcdef01234567,
);
let mut state2 = state;
let mut state2 = state.clone();

state.permute_6();
state2.permute_n(6);
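Review bot: The wipe in `fn drop` only clears the value's final location; every by-value move of `State` (returning it from a constructor, the `state.clone()` in the updated test) can leave an unwiped bitwise copy behind on the stack, and dropping `Copy` from the derive does not prevent that, so the guarantee should be documented as best-effort. I would put a doc comment on the `impl Drop for State` along the lines of `/// Best-effort wipe on drop: the Ascon permutation is invertible, so a leaked final state would let an attacker recover earlier squeezed output. Stale copies left by moves are not covered.` The `Drop` impl is also compiled only under `#[cfg(feature = "zeroize")]`, so the struct-level doc on `State` should state that the state is wiped only when that feature is enabled, since callers on default features get nothing. Separately, the retained `Debug` derive on the new `#[derive(Clone, Debug, Default)]` line prints all five secret words on `{:?}`, which is easy to leak into logs; consider a manual `Debug` impl that redacts `x`.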

