search

sigp / lighthouse

Ethereum consensus client in Rust
https://lighthouse.sigmaprime.io/
Apache License 2.0
2.87k stars 724 forks source link

Zeroize in BLST #1908

Open paulhauner opened 3 years ago

paulhauner commented 3 years ago

Description

I understand that BLST doesn't Zeroize secret keys. We make good effort to Zeroize other secret keys, so we should do the same here.

sean-sn commented 3 years ago

We added the zeroize attribute to SecretKey in the latest blst crate (v0.3.1). Let us know if that helps or if more should be done.

        #[derive(Default, Debug, Clone, Zeroize)]
        #[zeroize(drop)]
        pub struct SecretKey {
            value: blst_scalar,
        }
ghost commented 3 years ago

Some tests made separately by @pawanjay176 and myself suggest that we may want to be a bit more aggresive and drop the variables before the end of scope.

https://github.com/sigp/lighthouse/blob/c6baa0eed131c5e8ecc5860778ffc7d4a4c18d2d/remote_signer/backend/src/zeroize_string.rs#L73-L95 https://github.com/sigp/lighthouse/blob/c6baa0eed131c5e8ecc5860778ffc7d4a4c18d2d/remote_signer/backend/src/zeroize_string.rs#L121-L158