Skip to content

Commit ead098a

Browse files
SuperhepperSuperhepper
committed
Adds some more documentation to FFI data zeroize.
Signed-off-by: Jesper Brynolf <[email protected]>
1 parent 76089c1 commit ead098a

File tree

1 file changed

+21
-3
lines changed

1 file changed

+21
-3
lines changed

tss-esapi/src/ffi/data_zeroize.rs

Lines changed: 21 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,21 @@ use crate::{
1919
};
2020
use std::convert::TryFrom;
2121
use zeroize::Zeroize;
22+
// /////////////////////////////////////////////////////////////////////////
23+
// This module provides a the internal FfiDataZeroize trait
24+
// and implementations of this trait for several of the
25+
// generated TPM types that is used in TSS. In order to be
26+
// able to zeroize sensitive information that may be stored
27+
// in these types when using them in calls to the TSS APIs.
28+
// To zeroize sensitive data when no longer needed is considered
29+
// good cryptographic hygiene and reduces the chances of sensitive data
30+
// being leaked.
31+
//
32+
// This has been implemented as trait in order to have a consistent way
33+
// to use the zeroize functionality on the TSS FFI types and to be able
34+
// to use it in generic functions that deal with taking ownership of data
35+
// that has been allocated by TSS in order to zeroize the source memory.
36+
// /////////////////////////////////////////////////////////////////////////
2237

2338
/// A trait for zeroizing FFI data.
2439
pub(crate) trait FfiDataZeroize {
@@ -370,9 +385,12 @@ implement_ffi_data_zeroizer_trait_for_ticket_type!(TPMT_TK_VERIFIED);
370385
implement_ffi_data_zeroizer_trait_for_ticket_type!(TPMT_TK_AUTH);
371386
implement_ffi_data_zeroizer_trait_for_ticket_type!(TPMT_TK_HASHCHECK);
372387

373-
///////////////////////////////////////////////////////////////////////////
374-
/// UNIT TESTS FOR FFI DATA ZEROIZE
375-
///////////////////////////////////////////////////////////////////////////
388+
// /////////////////////////////////////////////////////////////////////////
389+
// UNIT TESTS FOR FFI DATA ZEROIZE
390+
//
391+
// These unit tests needs to be here because the trait is internal to the crate
392+
// and can there for not be tested using integration tests.
393+
// /////////////////////////////////////////////////////////////////////////
376394
macro_rules! implement_zeroize_test_for_named_field_structured_buffer_type {
377395
($tss_type:ident, $buffer_field_name:ident, $fn_name:ident) => {
378396
#[test]

0 commit comments

Comments
 (0)