feat: add zeroize

This commit is contained in:
2023-10-22 22:40:47 +08:00
parent 2a7d28372e
commit 0f02edc6f6
2 changed files with 9 additions and 0 deletions


@@ -14,6 +14,7 @@ use x509_parser::prelude::FromDer;
use x509_parser::x509::SubjectPublicKeyInfo;
use yubikey::piv::{AlgorithmId, decrypt_data};
use yubikey::YubiKey;
use zeroize::Zeroize;
use crate::{consts, crypto_simple, util, util_enc_file, util_envelop, util_file, util_pgp, util_piv};
use crate::compress::GzStreamDecoder;
@@ -58,6 +59,12 @@ pub struct CmdDecrypt {
pub digest_algorithm: Option<String>,
}
impl Drop for CmdDecrypt {
fn drop(&mut self) {
self.pin.map(|mut p| p.zeroize());
}
}
pub fn decrypt(cmd_decrypt: CmdDecrypt) -> XResult<()> {
debugging!("Cmd decrypt: {:?}", cmd_decrypt);
let config = TinyEncryptConfig::load(TINY_ENC_CONFIG_FILE).ok();
@@ -311,6 +318,7 @@ fn try_decrypt_key_ecdh(config: &Option<TinyEncryptConfig>,
let key = util::simple_kdf(shared_secret.as_slice());
let decrypted_key = crypto_simple::decrypt(
cryptor, &key, &wrap_key.nonce, &wrap_key.encrypted_data)?;
util::zeroize(pin);
util::zeroize(key);
util::zeroize(shared_secret);
Ok(decrypted_key)
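Review bot: In the `impl Drop for CmdDecrypt` hunk, `self.pin.map(|mut p| p.zeroize());` moves the field out from behind `&mut self` (a compile error if `pin` is an `Option<String>`) and throws away the `Option<()>` it produces; since `Option<Z: Zeroize>` itself implements `Zeroize`, the idiomatic form is `self.pin.zeroize();`, which wipes the inner value and leaves `None`. Note also that `debugging!("Cmd decrypt: {:?}", cmd_decrypt);` a few lines below formats the whole struct, so unless `Debug` is implemented by hand to redact `pin`, the PIN reaches the debug log long before `Drop` zeroizes it; a manual `Debug` impl that prints `pin: "<redacted>"` would make the new `Drop` meaningful. In the `try_decrypt_key_ecdh` hunk the three `util::zeroize(..)` calls sit after the `?` on `crypto_simple::decrypt(..)`, so on the error path `key` and `shared_secret` are dropped without being wiped; wrapping them at creation, e.g. `let key = Zeroizing::new(util::simple_kdf(shared_secret.as_slice()));` (with `use zeroize::Zeroizing;`), zeroizes on every exit path. Whether `util::zeroize(pin)` clears anything depends on the type of `pin`, which is declared outside the hunk, as is the rest of `try_decrypt_key_ecdh`.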