zeroize more stuff during runtime (#282)
- add zeroize features to some dependencies - zeroize protobuf messages when they are dropped
parent
df47ff1823
commit
7c985f62ff
4 changed files with 49 additions and 25 deletions
3
Cargo.lock
generated
3
Cargo.lock
generated
|
@ -38,6 +38,7 @@ dependencies = [
|
||||||
"cfg-if",
|
"cfg-if",
|
||||||
"cipher 0.4.4",
|
"cipher 0.4.4",
|
||||||
"cpufeatures",
|
"cpufeatures",
|
||||||
|
"zeroize",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -79,6 +80,7 @@ dependencies = [
|
||||||
"base64ct",
|
"base64ct",
|
||||||
"blake2",
|
"blake2",
|
||||||
"password-hash",
|
"password-hash",
|
||||||
|
"zeroize",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -449,6 +451,7 @@ checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"crypto-common",
|
"crypto-common",
|
||||||
"inout",
|
"inout",
|
||||||
|
"zeroize",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
|
|
@ -51,7 +51,7 @@ lazy_static = "1.4.0"
|
||||||
uuid = { version = "0.8", features = ["v4"] }
|
uuid = { version = "0.8", features = ["v4"] }
|
||||||
steamguard = { version = "^0.10.0", path = "./steamguard" }
|
steamguard = { version = "^0.10.0", path = "./steamguard" }
|
||||||
dirs = "3.0.2"
|
dirs = "3.0.2"
|
||||||
aes = "0.8.3"
|
aes = { version = "0.8.3", features = ["zeroize"] }
|
||||||
thiserror = "1.0.26"
|
thiserror = "1.0.26"
|
||||||
crossterm = { version = "0.23.2", features = ["event-stream"] }
|
crossterm = { version = "0.23.2", features = ["event-stream"] }
|
||||||
qrcode = { version = "0.12.0", optional = true }
|
qrcode = { version = "0.12.0", optional = true }
|
||||||
|
@ -61,10 +61,10 @@ zeroize = { version = "^1.6.0", features = ["std", "zeroize_derive"] }
|
||||||
serde_path_to_error = "0.1.11"
|
serde_path_to_error = "0.1.11"
|
||||||
update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
|
update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
|
||||||
phonenumber = "0.3"
|
phonenumber = "0.3"
|
||||||
cbc = { version = "0.1.2", features = ["std"] }
|
cbc = { version = "0.1.2", features = ["std", "zeroize"] }
|
||||||
inout = { version = "0.1.3", features = ["std"] }
|
inout = { version = "0.1.3", features = ["std"] }
|
||||||
keyring = { version = "2.0.4", optional = true }
|
keyring = { version = "2.0.4", optional = true }
|
||||||
argon2 = { version = "0.5.0", features = ["std"] }
|
argon2 = { version = "0.5.0", features = ["std", "zeroize"] }
|
||||||
pbkdf2 = { version = "0.12.1", features = ["parallel"] }
|
pbkdf2 = { version = "0.12.1", features = ["parallel"] }
|
||||||
sha1 = "0.10.5"
|
sha1 = "0.10.5"
|
||||||
rayon = "1.7.0"
|
rayon = "1.7.0"
|
||||||
|
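Review bot: The three `zeroize` feature flags added here are not explained in the manifest, so a reader may assume they cover more than they do. As far as I know, these features only wipe the internal state of the cipher, block-mode and Argon2 types when they are dropped. The key, IV and passphrase buffers owned by the calling code still need their own `Zeroize` handling. I would add a comment above `aes`, for example `# "zeroize": wipe cipher/KDF internal state on drop; caller-owned key and passphrase buffers are handled separately`. `pbkdf2` and `sha1` in the second hunk are unchanged; if they process the same passkey material, it is worth noting whether that is deliberate.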
|
|
@ -1,6 +1,8 @@
|
||||||
use std::path::Path;
|
use std::path::Path;
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
|
|
||||||
|
use protobuf::descriptor::field_descriptor_proto::Type;
|
||||||
|
use protobuf::reflect::FieldDescriptor;
|
||||||
use protobuf::reflect::MessageDescriptor;
|
use protobuf::reflect::MessageDescriptor;
|
||||||
use protobuf_codegen::Codegen;
|
use protobuf_codegen::Codegen;
|
||||||
use protobuf_codegen::Customize;
|
use protobuf_codegen::Customize;
|
||||||
|
@ -44,32 +46,29 @@ struct GenSerde;
|
||||||
|
|
||||||
impl CustomizeCallback for GenSerde {
|
impl CustomizeCallback for GenSerde {
|
||||||
fn message(&self, _message: &MessageDescriptor) -> Customize {
|
fn message(&self, _message: &MessageDescriptor) -> Customize {
|
||||||
// Customize::default().before("#[derive(::serde::Serialize, ::serde::Deserialize)]")
|
Customize::default().before("#[derive(::zeroize::Zeroize, ::zeroize::ZeroizeOnDrop)]")
|
||||||
Customize::default()
|
// Customize::default()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn enumeration(&self, _enum_type: &protobuf::reflect::EnumDescriptor) -> Customize {
|
fn enumeration(&self, _enum_type: &protobuf::reflect::EnumDescriptor) -> Customize {
|
||||||
Customize::default().before("#[derive(::serde::Serialize, ::serde::Deserialize)]")
|
Customize::default()
|
||||||
|
.before("#[derive(::serde::Serialize, ::serde::Deserialize, ::zeroize::Zeroize)]")
|
||||||
}
|
}
|
||||||
|
|
||||||
// fn field(&self, field: &FieldDescriptor) -> Customize {
|
fn field(&self, field: &FieldDescriptor) -> Customize {
|
||||||
// // if field.name() == "public_ip" {
|
// if field.name() == "public_ip" {
|
||||||
// // eprintln!("type_name: {:?}", field.proto().type_name());
|
// eprintln!("type_name: {:?}", field.proto().type_name());
|
||||||
// // eprintln!("type_: {:?}", field.proto().type_());
|
// eprintln!("type_: {:?}", field.proto().type_());
|
||||||
// // eprintln!("{:?}", field.proto());
|
// eprintln!("{:?}", field.proto());
|
||||||
// // }
|
|
||||||
// if field.proto().type_() == Type::TYPE_ENUM {
|
|
||||||
// // `EnumOrUnknown` is not a part of rust-protobuf, so external serializer is needed.
|
|
||||||
// Customize::default().before(
|
|
||||||
// "#[serde(serialize_with = \"crate::protobufs::serialize_enum_or_unknown\", deserialize_with = \"crate::protobufs::deserialize_enum_or_unknown\")]")
|
|
||||||
// // } else if field.name() == "public_ip" {
|
|
||||||
// // Customize::default().before("#[serde(with = \"crate::protobufs::MessageFieldDef\")]")
|
|
||||||
// } else {
|
|
||||||
// Customize::default()
|
|
||||||
// }
|
|
||||||
// }
|
// }
|
||||||
|
if field.proto().type_() == Type::TYPE_ENUM || field.proto().type_() == Type::TYPE_MESSAGE {
|
||||||
|
Customize::default().before("#[zeroize(skip)]")
|
||||||
|
} else {
|
||||||
|
Customize::default()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// fn special_field(&self, _message: &MessageDescriptor, _field: &str) -> Customize {
|
fn special_field(&self, _message: &MessageDescriptor, _field: &str) -> Customize {
|
||||||
// Customize::default().before("#[serde(skip)]")
|
Customize::default().before("#[zeroize(skip)]")
|
||||||
// }
|
}
|
||||||
}
|
}
|
||||||
|
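Review bot: The `#[zeroize(skip)]` emitted by `field()` for `TYPE_ENUM`/`TYPE_MESSAGE` and by `special_field()` leaves part of every generated message outside the derived wipe, and no comment explains why that is acceptable. Nested messages presumably still clear themselves on drop through the `ZeroizeOnDrop` that `message()` adds, but an explicit `zeroize()` call on a parent will not reach them. The special fields, which in rust-protobuf carry any unknown-field bytes from the wire, are never cleared at all. I would state this above the `if`, for example `// skipped: wrapper types have no Zeroize impl; nested messages are wiped by their own ZeroizeOnDrop, unknown fields are not wiped`. The condition would also read better as `matches!(field.proto().type_(), Type::TYPE_ENUM | Type::TYPE_MESSAGE)`. The leftover `// Customize::default()` and the commented-out `eprintln!` block in `field()` should be deleted rather than kept.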
|
|
@ -1,5 +1,27 @@
|
||||||
|
use zeroize::Zeroize;
|
||||||
|
|
||||||
|
use self::steammessages_base::{cmsg_ipaddress::Ip, cmsg_proto_buf_header::Ip_addr};
|
||||||
|
|
||||||
include!(concat!(env!("OUT_DIR"), "/protobufs/mod.rs"));
|
include!(concat!(env!("OUT_DIR"), "/protobufs/mod.rs"));
|
||||||
|
|
||||||
|
impl Zeroize for Ip {
|
||||||
|
fn zeroize(&mut self) {
|
||||||
|
match self {
|
||||||
|
Ip::V4(ip) => ip.zeroize(),
|
||||||
|
Ip::V6(ip) => ip.zeroize(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Zeroize for Ip_addr {
|
||||||
|
fn zeroize(&mut self) {
|
||||||
|
match self {
|
||||||
|
Ip_addr::Ip(ip) => ip.zeroize(),
|
||||||
|
Ip_addr::IpV6(ip) => ip.zeroize(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod parse_tests {
|
mod parse_tests {
|
||||||
use protobuf::Message;
|
use protobuf::Message;
|
||||||
|
|
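Review bot: Nothing in this file checks that the generated `Zeroize`/`ZeroizeOnDrop` derives and the two hand-written impls actually clear anything. A later change to the build-script callbacks could therefore mark more fields `#[zeroize(skip)]` without any test failing. A small test in `parse_tests` would pin the behaviour: fill a string or bytes field of a generated message, call `zeroize()`, and assert the field is empty. That module continues past the end of this hunk, so its existing contents are not visible here. The impls for `Ip` and `Ip_addr` also deserve a doc line such as `/// Wipes the address payload in place; the oneof variant itself is left unchanged.`, plus a brief note on why these two types need manual impls instead of the derive.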