Skip to content

Commit

Permalink
ascon: Add Drop & ZeroizeOnDrop for State (#57)
Browse files Browse the repository at this point in the history
Not zeroizing the state allows to recover any squeezed output. This is
because the `ascon` permutations can be inversed. Hence, access to the
complete state allows to perform this operation.
  • Loading branch information
aewag authored May 23, 2023
1 parent 7cdccab commit e767312
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 3 deletions.
5 changes: 4 additions & 1 deletion ascon/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "ascon"
version = "0.3.1"
version = "0.4.0-pre"
description = "Pure rust implementation of the Ascon permutation"
authors = [
"Sebastian Ramacher <sebastian.ramacher@ait.ac.at>",
Expand All @@ -15,6 +15,9 @@ readme = "README.md"
edition = "2021"
rust-version = "1.56"

[dependencies]
zeroize = { version = "1.6.0", default-features = false, optional=true }

[features]
no_unroll = [] # Do not unroll loops for binary size reduction

Expand Down
16 changes: 14 additions & 2 deletions ascon/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@
#![warn(missing_docs)]

use core::mem::size_of;
#[cfg(feature = "zeroize")]
use zeroize::{Zeroize, ZeroizeOnDrop};

/// Produce mask for padding.
#[inline(always)]
Expand All @@ -28,7 +30,7 @@ const fn round_constant(round: u64) -> u64 {
/// The state of Ascon's permutation.
///
/// The permutation operates on a state of 320 bits represented as 5 64 bit words.
#[derive(Clone, Copy, Debug, Default)]
#[derive(Clone, Debug, Default)]
pub struct State {
x: [u64; 5],
}
Expand Down Expand Up @@ -262,6 +264,16 @@ impl AsRef<[u64]> for State {
}
}

#[cfg(feature = "zeroize")]
impl Drop for State {
fn drop(&mut self) {
self.x.zeroize();
}
}

#[cfg(feature = "zeroize")]
impl ZeroizeOnDrop for State {}

#[cfg(test)]
mod tests {
use super::*;
Expand Down Expand Up @@ -378,7 +390,7 @@ mod tests {
0xabcdef0123456789,
0x89abcdef01234567,
);
let mut state2 = state;
let mut state2 = state.clone();

state.permute_6();
state2.permute_n(6);
Expand Down

0 comments on commit e767312

Please sign in to comment.