esp-hal icon indicating copy to clipboard operation
esp-hal copied to clipboard
verified publisher icon esp-rs

Allow wiping out AES key after usage.

Open coolwanglu opened this issue 10 months ago • 4 comments

Motivations

Currently the AES module copies the key, and it is not wiped out after usage.

Solution

Use Zeroize on Key to automatically wipe it out on drop. This can be guarded by a feature.

Example:

#[derive(ZeroizeOnDrop)]
struct Key {}

Alternatives

The AES library does not make a copy. Instead it takes only a reference and the caller should wipe it out if necessary. This changes the API though.

coolwanglu avatar Feb 28 '25 08:02 coolwanglu

I could send a PR if this sounds good. Not sure how to test it properly though.

coolwanglu avatar Feb 28 '25 08:02 coolwanglu

It would probably be best if we didn't copy the key just to then copy it into the hardware. Regardless of that, zeroing it on drop sounds reasonable to me, so maybe we should have both?

bugadani avatar Feb 28 '25 08:02 bugadani

Maybe Key should just go away and process can just take a slice directly instead.

The fact that Mode and Key are specified separately makes the Key enum feel like boilerplate to me.

This way user can zeroize their slices themselves.

Dominaezzz avatar Feb 28 '25 15:02 Dominaezzz

I think we can close this one after @bugadani's AES big refactoring?

JurajSadel avatar Sep 11 '25 10:09 JurajSadel