commit 8b3ed6ce7deb14357c21e695d9fea78a527898d1
parent 37bc2b60eabc8233e23e32d017fb744c53d5dffe
Author: Armin Preiml <apreiml@strohwolke.at>
Date: Thu, 27 Jun 2024 14:39:16 +0200
crypto::ecdsa: add privkey_finish
Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
Diffstat:
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/crypto/ecdsa/key.ha b/crypto/ecdsa/key.ha
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: MPL-2.0
// (c) Hare authors <https://harelang.org>
+use bytes;
use crypto::ec;
use io;
@@ -34,7 +35,8 @@ fn p384_get_x(priv: *privkey) []u8 = (priv: *p384privkey).x;
fn p521_get_x(priv: *privkey) []u8 = (priv: *p521privkey).x;
// Creates an unitialized p256 [[privkey]]. The curve is also known as secp256r1
-// or prime256. The key must be initialized using [[newkey]].
+// or prime256. The key must be initialized using [[newkey]]. The key must be
+// finished with [[privkey_finish]] to wipe it from memory.
export fn p256priv() p256privkey = p256privkey {
priv = privkey {
curve = ec::p256,
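Review bot: The sentence added to the p256priv comment, and the identical ones in the p384priv and p521priv hunks below, does not warn that these constructors return the key struct by value, so a later [[privkey_finish]] on the original does not cover copies the caller has made. If x is stored inline in the struct, as q is in p256pubkey, every copy carries its own key bytes; this is inferred, because the private key struct definitions are outside the hunks. I would extend each comment with something like `// Copies of the key are not wiped; finish every copy or hand the key around by pointer.` and recommend deferring the finish call right after the key is created. The unchanged first line of all three comments also still reads "unitialized" where "uninitialized" is meant. The body of p256priv continues outside the hunk.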
@@ -44,7 +46,8 @@ export fn p256priv() p256privkey = p256privkey {
};
// Creates an unitialized p384 [[privkey]]. The curve is also known as
-// secp384r1. The key must be initialized using [[newkey]].
+// secp384r1. The key must be initialized using [[newkey]]. The key must be
+// finished with [[privkey_finish]] to wipe it from memory.
export fn p384priv() p384privkey = p384privkey {
priv = privkey {
curve = ec::p384,
@@ -54,7 +57,8 @@ export fn p384priv() p384privkey = p384privkey {
};
// Creates an unitialized p521 [[privkey]]. The curve is also known as
-// secp521r1. The key must be initialized using [[newkey]].
+// secp521r1. The key must be initialized using [[newkey]]. The key must be
+// finished with [[privkey_finish]] to wipe it from memory.
export fn p521priv() p521privkey = p521privkey {
priv = privkey {
curve = ec::p521,
@@ -90,6 +94,11 @@ export fn privkey_validate(priv: *privkey) (void | invalidkey) = {
};
};
+// Wipes private key data from memory.
+export fn privkey_finish(priv: *privkey) void = {
+ bytes::zero(priv.get_x(priv));
+};
+
export type p256pubkey = struct {
pub: pubkey,
q: [ec::P256_POINTSZ]u8,
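Review bot: The one-line comment on privkey_finish does not say what state the key is in afterwards, and the function clears only the slice returned by `priv.get_x(priv)`. Callers need to know that a finished key holds an all-zero scalar and must not be used for signing again until it is re-initialized, so I would write `// Wipes private key data from memory. The key must not be used afterwards unless it is initialized again with [[newkey]].` If privkey or the curve-specific structs ever gain other secret-derived fields, they would have to be zeroed here too; none are visible in this diff. The diffstat shows a single changed file, so the commit appears to add no test; a small one asserting that the bytes from get_x are all zero after privkey_finish, for each of the three curves, would pin the behaviour.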