totp-rs icon indicating copy to clipboard operation
totp-rs copied to clipboard

Published 20 hours ago verified publisher icon constantoine

Support zeroize feature.

Open tmpfs opened this issue 2 years ago • 1 comments

So that the TOTP struct will securely zero memory when it is dropped.

For this to work I had to remove the generic on the TOTP struct as we need the implementation of Zeroize that is declared on Vec<u8> when the zeroize library has the alloc feature enabled.

tmpfs avatar Nov 02 '22 03:11 tmpfs

Codecov Report

Base: 90.46% // Head: 90.47% // Increases project coverage by +0.00% :tada:

Coverage data is based on head (28ebb0e) compared to base (c36b3a9). Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master      #40   +/-   ##
=======================================
  Coverage   90.46%   90.47%           
=======================================
  Files           4        4           
  Lines         996      997    +1     
=======================================
+ Hits          901      902    +1     
  Misses         95       95
Impacted Files Coverage Δ
src/lib.rs 88.50% <100.00%> (+0.01%) :arrow_up:
src/rfc.rs 83.00% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

codecov-commenter avatar Nov 02 '22 03:11 codecov-commenter

I require this to be implemented due to security reasons in order to use this in prs for TOTP support.

What is the status on this?

timvisee avatar Dec 22 '22 13:12 timvisee

Hi! Removing the generic would be a major breaking change. I'm not entirely against it, but I want to make sure if I do breaking changes like this, I do it right. If I am to remove the generic, I probably want to do some changes over the Secret::Raw and Secret::Encoded stuff

constantoine avatar Dec 22 '22 13:12 constantoine

Thanks for the prompt response! I totally understand.

I also just noticed that in this PR, the Secret type doesn't have any zeroing implemented. I wanted to open an additional PR for this, but I'll just leave it as is for now.

Right now, you can at least zero a TOTP type by destructing and zeroing manually, like:

use zeroize::Zeroize;

pub fn zero_totp(totp: TOTP) {
    let TOTP {
        mut digits,
        mut secret,
        mut issuer,
        mut account_name,
        ..
    } = totp;
    digits.zeroize();
    secret.zeroize();
    issuer.zeroize();
    account_name.zeroize();
}

timvisee avatar Dec 22 '22 13:12 timvisee

I'm in vacation right now, so I think I should find the time to look more into it in the next couples of day

I'll look more into it and probably add more stuff to this PR, or merge as is and do another PR for secrets before merging

In any case I will keep you updated

constantoine avatar Dec 22 '22 14:12 constantoine

Hi, coming back to you:

I have merged this, fixed the bits where there were remnants of generic code, and added zeroize on Secret

I will release in a few days unless you have reservations/stuff you want change before the new major release

constantoine avatar Dec 22 '22 16:12 constantoine

Fantastic, thanks a lot.

For me this can definitely wait for a bit. Enjoy your vacation!

timvisee avatar Dec 23 '22 15:12 timvisee

Hi! Wish you good end of the year celebrations :)

v4.0 has been released.

If you encounter any problem, feel free to open an issue. In any ways, thank you both for your work and feedback!

constantoine avatar Dec 29 '22 14:12 constantoine