Move from Zeroize to ZeroizeOnDrop

Author: daxpedda

Cargo.toml

@@ -26,7 +26,7 @@ std = ["alloc"]
 
 [dependencies]
 curve25519-dalek = { version = "3", default-features = false, optional = true }
-derive-where = { version = "1.0.0-rc.1", features = ["zeroize"] }
+derive-where = { version = "1.0.0-rc.2", features = ["zeroize-on-drop"] }
 digest = "0.10"
 displaydoc = { version = "0.2", default-features = false }
 elliptic-curve = { version = "0.12.0-pre.1", features = [
@@ -41,7 +41,7 @@ serde = { version = "1", default-features = false, features = [
 ], optional = true }
 sha2 = { version = "0.10", default-features = false, optional = true }
 subtle = { version = "2.3", default-features = false }
-zeroize = { version = "1", default-features = false }
+zeroize = { version = "1.5", default-features = false }
 
 [dev-dependencies]
 generic-array = { version = "0.14", features = ["more_lengths"] }
@@ -59,3 +59,6 @@ sha2 = "0.10"
 [package.metadata.docs.rs]
 features = ["danger", "std"]
 targets = []
+
+[patch.crates-io]
+derive-where = { git = "https://github.com/ModProg/derive-where" }

src/lib.rs

@@ -486,7 +486,7 @@
 //!
 //! [curve25519-dalek]: (https://doc.dalek.rs/curve25519_dalek/index.html#backends-and-features)
 
-#![deny(unsafe_code)]
+#![cfg_attr(not(test), deny(unsafe_code))]
 #![no_std]
 #![warn(clippy::cargo, missing_docs)]
 #![allow(clippy::multiple_crate_versions)]

src/voprf.rs

@@ -11,7 +11,7 @@
 use alloc::vec::Vec;
 use core::iter::{self, Map, Repeat, Zip};
 
-use derive_where::DeriveWhere;
+use derive_where::derive_where;
 use digest::core_api::BlockSizeUser;
 use digest::{Digest, Output, OutputSizeUser};
 use generic_array::sequence::Concat;
@@ -62,8 +62,7 @@ impl Mode {
 
 /// A client which engages with a [NonVerifiableServer] in base mode, meaning
 /// that the OPRF outputs are not verifiable.
-#[derive(DeriveWhere)]
-#[derive_where(Clone, Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
 #[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Scalar)]
 #[cfg_attr(
     feature = "serde",
@@ -83,8 +82,7 @@ where
 
 /// A client which engages with a [VerifiableServer] in verifiable mode, meaning
 /// that the OPRF outputs can be checked against a server public key.
-#[derive(DeriveWhere)]
-#[derive_where(Clone, Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
 #[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Scalar, <CS::Group as Group>::Elem)]
 #[cfg_attr(
     feature = "serde",
@@ -107,8 +105,7 @@ where
 
 /// A server which engages with a [NonVerifiableClient] in base mode, meaning
 /// that the OPRF outputs are not verifiable.
-#[derive(DeriveWhere)]
-#[derive_where(Clone, Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
 #[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Scalar)]
 #[cfg_attr(
     feature = "serde",
@@ -128,8 +125,7 @@ where
 
 /// A server which engages with a [VerifiableClient] in verifiable mode, meaning
 /// that the OPRF outputs can be checked against a server public key.
-#[derive(DeriveWhere)]
-#[derive_where(Clone, Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
 #[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Scalar, <CS::Group as Group>::Elem)]
 #[cfg_attr(
     feature = "serde",
@@ -152,8 +148,7 @@ where
 
 /// A proof produced by a [VerifiableServer] that the OPRF output matches
 /// against a server public key.
-#[derive(DeriveWhere)]
-#[derive_where(Clone, Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
 #[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Scalar)]
 #[cfg_attr(
     feature = "serde",
@@ -174,8 +169,7 @@ where
 
 /// The first client message sent from a client (either verifiable or not) to a
 /// server (either verifiable or not).
-#[derive(DeriveWhere)]
-#[derive_where(Clone, Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
 #[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Elem)]
 #[cfg_attr(
     feature = "serde",
@@ -192,8 +186,7 @@ where
 
 /// The server's response to the [BlindedElement] message from a client (either
 /// verifiable or not) to a server (either verifiable or not).
-#[derive(DeriveWhere)]
-#[derive_where(Clone, Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
 #[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Elem)]
 #[cfg_attr(
     feature = "serde",
@@ -712,8 +705,8 @@ where
         IsLess<U256> + IsLessOrEqual<<CS::Hash as BlockSizeUser>::BlockSize>;
 
 /// Contains the prepared `t` by a verifiable server batch evaluate preparation.
-#[derive(DeriveWhere)]
-#[derive_where(Zeroize(drop))]
+#[derive_where(Clone, ZeroizeOnDrop)]
+#[derive_where(Debug, Eq, Hash, Ord, PartialEq, PartialOrd; <CS::Group as Group>::Scalar)]
 pub struct PreparedTscalar<CS: CipherSuite>(<CS::Group as Group>::Scalar)
 where
     <CS::Hash as OutputSizeUser>::OutputSize:
@@ -1212,13 +1205,13 @@ where
 #[cfg(test)]
 mod tests {
     use core::ops::Add;
+    use core::ptr;
 
     use ::alloc::vec;
     use ::alloc::vec::Vec;
     use generic_array::typenum::Sum;
     use generic_array::ArrayLength;
     use rand::rngs::OsRng;
-    use zeroize::Zeroize;
 
     use super::*;
     use crate::Group;
@@ -1474,11 +1467,11 @@ mod tests {
         let client_blind_result = NonVerifiableClient::<CS>::blind(input, &mut rng).unwrap();
 
         let mut state = client_blind_result.state;
-        Zeroize::zeroize(&mut state);
+        unsafe { ptr::drop_in_place(&mut state) };
         assert!(state.serialize().iter().all(|&x| x == 0));
 
         let mut message = client_blind_result.message;
-        Zeroize::zeroize(&mut message);
+        unsafe { ptr::drop_in_place(&mut message) };
         assert!(message.serialize().iter().all(|&x| x == 0));
     }
 
@@ -1494,11 +1487,11 @@ mod tests {
         let client_blind_result = VerifiableClient::<CS>::blind(input, &mut rng).unwrap();
 
         let mut state = client_blind_result.state;
-        Zeroize::zeroize(&mut state);
+        unsafe { ptr::drop_in_place(&mut state) };
         assert!(state.serialize().iter().all(|&x| x == 0));
 
         let mut message = client_blind_result.message;
-        Zeroize::zeroize(&mut message);
+        unsafe { ptr::drop_in_place(&mut message) };
         assert!(message.serialize().iter().all(|&x| x == 0));
     }
 
@@ -1517,11 +1510,11 @@ mod tests {
             .unwrap();
 
         let mut state = server;
-        Zeroize::zeroize(&mut state);
+        unsafe { ptr::drop_in_place(&mut state) };
         assert!(state.serialize().iter().all(|&x| x == 0));
 
         let mut message = server_result.message;
-        Zeroize::zeroize(&mut message);
+        unsafe { ptr::drop_in_place(&mut message) };
         assert!(message.serialize().iter().all(|&x| x == 0));
     }
 
@@ -1544,15 +1537,15 @@ mod tests {
             .unwrap();
 
         let mut state = server;
-        Zeroize::zeroize(&mut state);
+        unsafe { ptr::drop_in_place(&mut state) };
         assert!(state.serialize().iter().all(|&x| x == 0));
 
         let mut message = server_result.message;
-        Zeroize::zeroize(&mut message);
+        unsafe { ptr::drop_in_place(&mut message) };
         assert!(message.serialize().iter().all(|&x| x == 0));
 
         let mut proof = server_result.proof;
-        Zeroize::zeroize(&mut proof);
+        unsafe { ptr::drop_in_place(&mut proof) };
         assert!(proof.serialize().iter().all(|&x| x == 0));
     }