Improve (SigningKey|PrivateKey)::to_bytes() to use zerozing on output

touilleMan · touilleMan · commit cdaa7c117bc1 · 2025-12-12T17:25:08.000+01:00
diff --git a/libparsec/crates/crypto/src/rustcrypto/private.rs b/libparsec/crates/crypto/src/rustcrypto/private.rs
@@ -199,8 +199,8 @@ impl PrivateKey {
         Ok(SecretKey::try_from(&raw_512[..Self::SIZE]).expect("valid size"))
     }
 
-    pub fn to_bytes(&self) -> [u8; KEY_SIZE] {
-        self.0.to_bytes()
+    pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; KEY_SIZE]> {
+        self.0.to_bytes().into()
     }
 }
 
diff --git a/libparsec/crates/crypto/src/rustcrypto/sign.rs b/libparsec/crates/crypto/src/rustcrypto/sign.rs
@@ -53,8 +53,8 @@ impl SigningKey {
         self.0.sign(data).to_bytes()
     }
 
-    pub fn to_bytes(&self) -> [u8; Self::SIZE] {
-        self.0.to_bytes()
+    pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; Self::SIZE]> {
+        self.0.to_bytes().into()
     }
 }
 
@@ -86,7 +86,7 @@ impl Serialize for SigningKey {
     where
         S: serde::Serializer,
     {
-        serializer.serialize_bytes(&self.to_bytes())
+        serializer.serialize_bytes(self.to_bytes().as_ref())
     }
 }
 
diff --git a/libparsec/crates/crypto/src/sodium/private.rs b/libparsec/crates/crypto/src/sodium/private.rs
@@ -107,8 +107,8 @@ impl PrivateKey {
         Ok(key)
     }
 
-    pub fn to_bytes(&self) -> [u8; Self::SIZE] {
-        self.0.as_bytes().to_owned()
+    pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; Self::SIZE]> {
+        self.0.as_bytes().to_owned().into()
     }
 }
 
diff --git a/libparsec/crates/crypto/src/sodium/sign.rs b/libparsec/crates/crypto/src/sodium/sign.rs
@@ -51,10 +51,11 @@ impl SigningKey {
         sign_detached(data, &self.0).expect("Cannot sign data")
     }
 
-    pub fn to_bytes(&self) -> [u8; Self::SIZE] {
+    pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; Self::SIZE]> {
         // SecretKey is composed of Seed then PublicKey, we export only seed here
         <[u8; Self::SIZE]>::try_from(&self.0.as_bytes()[..Self::SIZE])
             .expect("The internal array is > Self::SIZE")
+            .into()
     }
 }
 
diff --git a/libparsec/crates/crypto/tests/unit/private.rs b/libparsec/crates/crypto/tests/unit/private.rs
@@ -186,3 +186,67 @@ fn pubkey_hash() {
     assert_eq!(hash(&vk1), hash(&vk1));
     assert_ne!(hash(&vk1), hash(&vk2));
 }
+
+#[platform::test]
+fn private_key_from() {
+    let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
+    let key = PrivateKey::from(raw);
+
+    assert_eq!(*key.to_bytes(), raw);
+}
+
+#[platform::test]
+fn private_key_try_from_array_of_u8() {
+    let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
+    let key = PrivateKey::try_from(raw.as_ref()).unwrap();
+
+    assert_eq!(*key.to_bytes(), raw);
+
+    let outcome = PrivateKey::try_from(b"<too_small>".as_ref());
+
+    assert_eq!(outcome, Err(CryptoError::DataSize));
+}
+
+#[platform::test]
+fn private_key_try_from_serde_bytes() {
+    let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
+    let key = PrivateKey::try_from(serde_bytes::Bytes::new(&raw)).unwrap();
+
+    assert_eq!(*key.to_bytes(), raw);
+
+    let outcome = PrivateKey::try_from(serde_bytes::Bytes::new(b"<too_small>"));
+
+    assert_eq!(outcome, Err(CryptoError::DataSize));
+}
+
+#[platform::test]
+fn publickey_key_try_from_static_array_of_u8() {
+    let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
+    let key = PublicKey::from(raw);
+
+    assert_eq!(key.as_ref(), raw);
+}
+
+#[platform::test]
+fn publickey_key_try_from_array_of_u8() {
+    let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
+    let key = PublicKey::try_from(raw.as_ref()).unwrap();
+
+    assert_eq!(key.as_ref(), raw);
+
+    let outcome = PublicKey::try_from(b"<too_small>".as_ref());
+
+    assert_eq!(outcome, Err(CryptoError::DataSize));
+}
+
+#[platform::test]
+fn publickey_key_try_from_serde_bytes() {
+    let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
+    let key = PublicKey::try_from(serde_bytes::Bytes::new(&raw)).unwrap();
+
+    assert_eq!(key.as_ref(), raw);
+
+    let outcome = PublicKey::try_from(serde_bytes::Bytes::new(b"<too_small>"));
+
+    assert_eq!(outcome, Err(CryptoError::DataSize));
+}
diff --git a/libparsec/crates/crypto/tests/unit/sign.rs b/libparsec/crates/crypto/tests/unit/sign.rs
@@ -187,15 +187,15 @@ fn signing_key_from() {
     let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
     let key = SigningKey::from(raw);
 
-    assert_eq!(key.to_bytes(), raw);
+    assert_eq!(*key.to_bytes(), raw);
 }
 
 #[platform::test]
 fn signing_key_try_from_array_of_u8() {
     let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
     let key = SigningKey::try_from(raw.as_ref()).unwrap();
 
-    assert_eq!(key.to_bytes(), raw);
+    assert_eq!(*key.to_bytes(), raw);
 
     let outcome = SigningKey::try_from(b"<too_small>".as_ref());
 
@@ -207,7 +207,7 @@ fn signing_key_try_from_serde_bytes() {
     let raw = hex!("78958e49abad190be2d51bab73af07f87682cfcd65cceedd27e4b2a94bfd8537");
     let key = SigningKey::try_from(serde_bytes::Bytes::new(&raw)).unwrap();
 
-    assert_eq!(key.to_bytes(), raw);
+    assert_eq!(*key.to_bytes(), raw);
 
     let outcome = SigningKey::try_from(serde_bytes::Bytes::new(b"<too_small>"));
 
diff --git a/libparsec/crates/testbed/src/template/crc_hash.rs b/libparsec/crates/testbed/src/template/crc_hash.rs
@@ -253,7 +253,7 @@ impl CrcHash for HashDigest {
 impl CrcHash for SigningKey {
     fn crc_hash(&self, hasher: &mut crc32fast::Hasher) {
         hasher.update(b"SigningKey");
-        hasher.update(&self.to_bytes());
+        hasher.update(self.to_bytes().as_ref());
     }
 }
 
@@ -267,7 +267,7 @@ impl CrcHash for VerifyKey {
 impl CrcHash for PrivateKey {
     fn crc_hash(&self, hasher: &mut crc32fast::Hasher) {
         hasher.update(b"PrivateKey");
-        hasher.update(&self.to_bytes());
+        hasher.update(self.to_bytes().as_ref());
     }
 }
 
diff --git a/server/src/crypto.rs b/server/src/crypto.rs
@@ -106,7 +106,7 @@ impl SigningKey {
     }
 
     fn encode<'py>(&self, py: Python<'py>) -> Bound<'py, PyBytes> {
-        PyBytes::new(py, &self.0.to_bytes())
+        PyBytes::new(py, self.0.to_bytes().as_ref())
     }
 }
 
@@ -266,7 +266,7 @@ impl PrivateKey {
     }
 
     fn encode<'py>(&self, py: Python<'py>) -> Bound<'py, PyBytes> {
-        PyBytes::new(py, &self.0.to_bytes())
+        PyBytes::new(py, self.0.to_bytes().as_ref())
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -199,8 +199,8 @@ impl PrivateKey {`
`199`	`199`	`Ok(SecretKey::try_from(&raw_512[..Self::SIZE]).expect("valid size"))`
`200`	`200`	`}`
`201`	`201`
`202`		`- pub fn to_bytes(&self) -> [u8; KEY_SIZE] {`
`203`		`- self.0.to_bytes()`
	`202`	`+ pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; KEY_SIZE]> {`
	`203`	`+ self.0.to_bytes().into()`
`204`	`204`	`}`
`205`	`205`	`}`
`206`	`206`
Original file line number	Diff line number	Diff line change
`@@ -53,8 +53,8 @@ impl SigningKey {`
`53`	`53`	`self.0.sign(data).to_bytes()`
`54`	`54`	`}`
`55`	`55`
`56`		`- pub fn to_bytes(&self) -> [u8; Self::SIZE] {`
`57`		`- self.0.to_bytes()`
	`56`	`+ pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; Self::SIZE]> {`
	`57`	`+ self.0.to_bytes().into()`
`58`	`58`	`}`
`59`	`59`	`}`
`60`	`60`
`@@ -86,7 +86,7 @@ impl Serialize for SigningKey {`
`86`	`86`	`where`
`87`	`87`	`S: serde::Serializer,`
`88`	`88`	`{`
`89`		`- serializer.serialize_bytes(&self.to_bytes())`
	`89`	`+ serializer.serialize_bytes(self.to_bytes().as_ref())`
`90`	`90`	`}`
`91`	`91`	`}`
`92`	`92`
Original file line number	Diff line number	Diff line change
`@@ -107,8 +107,8 @@ impl PrivateKey {`
`107`	`107`	`Ok(key)`
`108`	`108`	`}`
`109`	`109`
`110`		`- pub fn to_bytes(&self) -> [u8; Self::SIZE] {`
`111`		`- self.0.as_bytes().to_owned()`
	`110`	`+ pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; Self::SIZE]> {`
	`111`	`+ self.0.as_bytes().to_owned().into()`
`112`	`112`	`}`
`113`	`113`	`}`
`114`	`114`
Original file line number	Diff line number	Diff line change
`@@ -51,10 +51,11 @@ impl SigningKey {`
`51`	`51`	`sign_detached(data, &self.0).expect("Cannot sign data")`
`52`	`52`	`}`
`53`	`53`
`54`		`- pub fn to_bytes(&self) -> [u8; Self::SIZE] {`
	`54`	`+ pub fn to_bytes(&self) -> zeroize::Zeroizing<[u8; Self::SIZE]> {`
`55`	`55`	`// SecretKey is composed of Seed then PublicKey, we export only seed here`
`56`	`56`	`<[u8; Self::SIZE]>::try_from(&self.0.as_bytes()[..Self::SIZE])`
`57`	`57`	`.expect("The internal array is > Self::SIZE")`
	`58`	`+ .into()`
`58`	`59`	`}`
`59`	`60`	`}`
`60`	`61`
Original file line number	Diff line number	Diff line change
`@@ -253,7 +253,7 @@ impl CrcHash for HashDigest {`
`253`	`253`	`impl CrcHash for SigningKey {`
`254`	`254`	`fn crc_hash(&self, hasher: &mut crc32fast::Hasher) {`
`255`	`255`	`hasher.update(b"SigningKey");`
`256`		`- hasher.update(&self.to_bytes());`
	`256`	`+ hasher.update(self.to_bytes().as_ref());`
`257`	`257`	`}`
`258`	`258`	`}`
`259`	`259`
`@@ -267,7 +267,7 @@ impl CrcHash for VerifyKey {`
`267`	`267`	`impl CrcHash for PrivateKey {`
`268`	`268`	`fn crc_hash(&self, hasher: &mut crc32fast::Hasher) {`
`269`	`269`	`hasher.update(b"PrivateKey");`
`270`		`- hasher.update(&self.to_bytes());`
	`270`	`+ hasher.update(self.to_bytes().as_ref());`
`271`	`271`	`}`
`272`	`272`	`}`
`273`	`273`
Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ impl SigningKey {`
`106`	`106`	`}`
`107`	`107`
`108`	`108`	`fn encode<'py>(&self, py: Python<'py>) -> Bound<'py, PyBytes> {`
`109`		`- PyBytes::new(py, &self.0.to_bytes())`
	`109`	`+ PyBytes::new(py, self.0.to_bytes().as_ref())`
`110`	`110`	`}`
`111`	`111`	`}`
`112`	`112`
`@@ -266,7 +266,7 @@ impl PrivateKey {`
`266`	`266`	`}`
`267`	`267`
`268`	`268`	`fn encode<'py>(&self, py: Python<'py>) -> Bound<'py, PyBytes> {`
`269`		`- PyBytes::new(py, &self.0.to_bytes())`
	`269`	`+ PyBytes::new(py, self.0.to_bytes().as_ref())`
`270`	`270`	`}`
`271`	`271`	`}`
`272`	`272`