zeroize more stuff during runtime (#282)
- add zeroize features to some dependencies - zeroize protobuf messages when they are dropped
parent
df47ff1823
commit
7c985f62ff
4 changed files with 49 additions and 25 deletions
3
Cargo.lock
generated
|
@ -38,6 +38,7 @@ dependencies = [
|
|||
"cfg-if",
|
||||
"cipher 0.4.4",
|
||||
"cpufeatures",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -79,6 +80,7 @@ dependencies = [
|
|||
"base64ct",
|
||||
"blake2",
|
||||
"password-hash",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -449,6 +451,7 @@ checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
|
|||
dependencies = [
|
||||
"crypto-common",
|
||||
"inout",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
|
|
@ -51,7 +51,7 @@ lazy_static = "1.4.0"
|
|||
uuid = { version = "0.8", features = ["v4"] }
|
||||
steamguard = { version = "^0.10.0", path = "./steamguard" }
|
||||
dirs = "3.0.2"
|
||||
aes = "0.8.3"
|
||||
aes = { version = "0.8.3", features = ["zeroize"] }
|
||||
thiserror = "1.0.26"
|
||||
crossterm = { version = "0.23.2", features = ["event-stream"] }
|
||||
qrcode = { version = "0.12.0", optional = true }
|
||||
|
@ -61,10 +61,10 @@ zeroize = { version = "^1.6.0", features = ["std", "zeroize_derive"] }
|
|||
serde_path_to_error = "0.1.11"
|
||||
update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
|
||||
phonenumber = "0.3"
|
||||
cbc = { version = "0.1.2", features = ["std"] }
|
||||
cbc = { version = "0.1.2", features = ["std", "zeroize"] }
|
||||
inout = { version = "0.1.3", features = ["std"] }
|
||||
keyring = { version = "2.0.4", optional = true }
|
||||
argon2 = { version = "0.5.0", features = ["std"] }
|
||||
argon2 = { version = "0.5.0", features = ["std", "zeroize"] }
|
||||
pbkdf2 = { version = "0.12.1", features = ["parallel"] }
|
||||
sha1 = "0.10.5"
|
||||
rayon = "1.7.0"
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
use std::path::Path;
|
||||
use std::path::PathBuf;
|
||||
|
||||
use protobuf::descriptor::field_descriptor_proto::Type;
|
||||
use protobuf::reflect::FieldDescriptor;
|
||||
use protobuf::reflect::MessageDescriptor;
|
||||
use protobuf_codegen::Codegen;
|
||||
use protobuf_codegen::Customize;
|
||||
|
@ -44,32 +46,29 @@ struct GenSerde;
|
|||
|
||||
impl CustomizeCallback for GenSerde {
|
||||
fn message(&self, _message: &MessageDescriptor) -> Customize {
|
||||
// Customize::default().before("#[derive(::serde::Serialize, ::serde::Deserialize)]")
|
||||
Customize::default()
|
||||
Customize::default().before("#[derive(::zeroize::Zeroize, ::zeroize::ZeroizeOnDrop)]")
|
||||
// Customize::default()
|
||||
}
|
||||
|
||||
fn enumeration(&self, _enum_type: &protobuf::reflect::EnumDescriptor) -> Customize {
|
||||
Customize::default().before("#[derive(::serde::Serialize, ::serde::Deserialize)]")
|
||||
Customize::default()
|
||||
.before("#[derive(::serde::Serialize, ::serde::Deserialize, ::zeroize::Zeroize)]")
|
||||
}
|
||||
|
||||
// fn field(&self, field: &FieldDescriptor) -> Customize {
|
||||
// // if field.name() == "public_ip" {
|
||||
// // eprintln!("type_name: {:?}", field.proto().type_name());
|
||||
// // eprintln!("type_: {:?}", field.proto().type_());
|
||||
// // eprintln!("{:?}", field.proto());
|
||||
// // }
|
||||
// if field.proto().type_() == Type::TYPE_ENUM {
|
||||
// // `EnumOrUnknown` is not a part of rust-protobuf, so external serializer is needed.
|
||||
// Customize::default().before(
|
||||
// "#[serde(serialize_with = \"crate::protobufs::serialize_enum_or_unknown\", deserialize_with = \"crate::protobufs::deserialize_enum_or_unknown\")]")
|
||||
// // } else if field.name() == "public_ip" {
|
||||
// // Customize::default().before("#[serde(with = \"crate::protobufs::MessageFieldDef\")]")
|
||||
// } else {
|
||||
// Customize::default()
|
||||
// }
|
||||
// }
|
||||
|
||||
// fn special_field(&self, _message: &MessageDescriptor, _field: &str) -> Customize {
|
||||
// Customize::default().before("#[serde(skip)]")
|
||||
fn field(&self, field: &FieldDescriptor) -> Customize {
|
||||
// if field.name() == "public_ip" {
|
||||
// eprintln!("type_name: {:?}", field.proto().type_name());
|
||||
// eprintln!("type_: {:?}", field.proto().type_());
|
||||
// eprintln!("{:?}", field.proto());
|
||||
// }
|
||||
if field.proto().type_() == Type::TYPE_ENUM || field.proto().type_() == Type::TYPE_MESSAGE {
|
||||
Customize::default().before("#[zeroize(skip)]")
|
||||
} else {
|
||||
Customize::default()
|
||||
}
|
||||
}
|
||||
|
||||
fn special_field(&self, _message: &MessageDescriptor, _field: &str) -> Customize {
|
||||
Customize::default().before("#[zeroize(skip)]")
|
||||
}
|
||||
}
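Review bot: The `field` callback puts `#[zeroize(skip)]` on every `TYPE_ENUM` and `TYPE_MESSAGE` field, and `special_field` skips the special fields, but nothing in the file says why or what that leaves uncleared. As far as the visible code shows, a nested message is wiped only by its own `ZeroizeOnDrop` when it is dropped, so an explicit `zeroize()` on a parent leaves nested messages and enum values in memory; in rust-protobuf the special fields also hold unknown-field bytes, which would stay as well. I would state this above the `if`, e.g. `// skipped fields are not cleared by the parent's zeroize(); nested messages rely on their own ZeroizeOnDrop`, with a matching line on `special_field`. The leftover `// Customize::default()` in `message` and the commented-out `eprintln!` lines in `field` could be dropped at the same time.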
|
||||
|
|
|
@ -1,5 +1,27 @@
|
|||
use zeroize::Zeroize;
|
||||
|
||||
use self::steammessages_base::{cmsg_ipaddress::Ip, cmsg_proto_buf_header::Ip_addr};
|
||||
|
||||
include!(concat!(env!("OUT_DIR"), "/protobufs/mod.rs"));
|
||||
|
||||
impl Zeroize for Ip {
|
||||
fn zeroize(&mut self) {
|
||||
match self {
|
||||
Ip::V4(ip) => ip.zeroize(),
|
||||
Ip::V6(ip) => ip.zeroize(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Zeroize for Ip_addr {
|
||||
fn zeroize(&mut self) {
|
||||
match self {
|
||||
Ip_addr::Ip(ip) => ip.zeroize(),
|
||||
Ip_addr::IpV6(ip) => ip.zeroize(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod parse_tests {
|
||||
use protobuf::Message;
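Review bot: The two hand-written `Zeroize` impls for `Ip` and `Ip_addr` have no comment explaining why they sit beside the derives that the build script injects. They appear to be needed because the generated oneof enums do not receive that derive, so each new proto with a oneof would need another impl here; a line such as `// oneof enums get no derive from build.rs; implement Zeroize by hand for each one` above the first impl would make that explicit. Keeping both matches free of a wildcard arm is worth noting in the same comment, since a new variant then fails to compile instead of being silently left uncleared. `mod parse_tests` continues outside the hunk.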
|
||||
|
|