c0dearm / sharks

Fast, small and secure Shamir's Secret Sharing library crate
https://crates.io/crates/sharks

Implement Zeroize on Drop for GF256 and Share #8

Closed zer0x64 closed 3 years ago

zer0x64 commented 4 years ago

Zeroize is a trait to securely overwrite secrets that uses compiler intrinsics to prevent the overwrite to be optimized away. It is performant and portable.

It would be nice to add the zeroize(drop) on secret data(especially the share) so it is cleared from memory when dropped. This basically reduces a lot the lifetime of sensitive data in memory to protect against memory dumps.

If you want me to implement this, just leave it to me!

c0dearm commented 4 years ago

I see the Zeroize crate is very small and doesn't depend on other crates, it also seems well maintained, so I am fine using it :smile:

Erasing the secret and the shares from memory once dropped seems like a good security practice. But for now let's not consider this issue a priority. Let's keep it here to tackle it in the future.

Thank you very much!

zer0x64 commented 4 years ago

I actually need this for a project and it should be really easy to implement, so I'm actually doing it right now!

c0dearm commented 4 years ago

If you don't mind sharing, what is your project about? :)

zer0x64 commented 4 years ago

I'm currently adding Secret Sharing to the cryptographic library abstraction we use at work: https://github.com/Devolutions/devolutions-crypto

zer0x64 commented 4 years ago

Just took a look at this and this might be a bit harder to do than expected, mostly because the GF256 struct is Copy and that messes with the simple zeroize(drop). Putting this in the backlog for now, but eventually I'll get this sorted out!

c0dearm commented 4 years ago

Yeah, I was forced by the borrow checker to use Copy on GF256, otherwise the values were moved around and caused compilation errors. Maybe we can find a solution to avoid using Copy.

zer0x64 commented 4 years ago

Another issue with Copy is that the values get copied around a lot and can be at a lot of places in RAM where they should be. I'll investigate more into this when I have the time!
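As an added example (not code from the sharks crate or from either commenter), here is a minimal zero-on-drop share that works around the Copy problem discussed above: GF256 stays Copy (so it cannot implement Drop itself), and the non-Copy Share owns the Drop impl that overwrites its fields with volatile writes followed by a compiler fence, which is the same mechanism zeroize-style crates rely on so the stores are not optimized away. The ZEROIZED_SHARES counter and demo function are assumptions added for illustration only.

```rust
// Added example, not code from the sharks crate: a hand-rolled zero-on-drop
// wrapper illustrating the Copy problem raised in this issue.
use std::ptr;
use std::sync::atomic::{compiler_fence, AtomicUsize, Ordering};

/// Field element as in the crate: Copy, so it cannot implement Drop itself.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct GF256(pub u8);

/// Counts how many Share values have been zeroized (demonstration aid only).
pub static ZEROIZED_SHARES: AtomicUsize = AtomicUsize::new(0);

/// Overwrite every element with zero using volatile writes so the compiler
/// cannot drop the stores as dead just before the buffer is freed.
pub fn zeroize_gf256(buf: &mut [GF256]) {
    for elem in buf.iter_mut() {
        // SAFETY: `elem` is a valid, aligned, exclusively borrowed reference.
        unsafe { ptr::write_volatile(elem, GF256(0)) };
    }
    // Keep the compiler from reordering later frees ahead of the writes.
    compiler_fence(Ordering::SeqCst);
}

/// A share: the x coordinate plus the polynomial evaluations. Not Copy, so
/// it can own a Drop impl; the Copy GF256 values inside are zeroed through it.
#[derive(Clone, Debug)]
pub struct Share {
    pub x: GF256,
    pub y: Vec<GF256>,
}

impl Drop for Share {
    fn drop(&mut self) {
        zeroize_gf256(std::slice::from_mut(&mut self.x));
        zeroize_gf256(&mut self.y);
        ZEROIZED_SHARES.fetch_add(1, Ordering::SeqCst);
    }
}

/// Returns true if every element is GF256(0).
pub fn all_zero(buf: &[GF256]) -> bool {
    buf.iter().all(|e| e.0 == 0)
}

/// Builds a share in an inner scope, lets it drop, and returns how many
/// shares were zeroized by that scope (expected: 1).
pub fn demo() -> usize {
    let before = ZEROIZED_SHARES.load(Ordering::SeqCst);
    {
        // Constructed sample values, not a real share.
        let share = Share { x: GF256(1), y: vec![GF256(0xAB), GF256(0xCD)] };
        assert_eq!(share.y.len(), 2);
    } // `share` is dropped here and its fields are overwritten.
    ZEROIZED_SHARES.load(Ordering::SeqCst) - before
}

fn main() {
    println!("shares zeroized in demo scope: {}", demo());
}
```

The caveat from the thread still applies: because GF256 is Copy, temporaries created during field arithmetic are bitwise copies that this Drop never sees, so the wrapper shortens the lifetime of the share's own storage but does not clear every copy the compiler may have left on the stack or in registers.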

zer0x64 commented 4 years ago

Not "exactly" related, but they talk about adding stack bleaching eventually in this RFC's discussion: https://github.com/rust-lang/rfcs/pull/2859

c0dearm commented 4 years ago

This is great! If that was supported by the language I think that would be a great boost for Rust in the cryptography field