Secure handling of signing keys

entropyxyz · Oct 10, 2022 · fff3f29 · fff3f29
1 parent 2643fc4
commit fff3f29
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 8 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -22,6 +22,7 @@ rand_chacha = "0.3"
 hmac = "0.12.1"
 zeroize = { version = "1.4", features = ["zeroize_derive"] }
 hex = "0.4.3"
+secrecy = "0.8"
 
 # k256 baggage
 k256 = { version = "0.10.4", features = ["serde"] }
@@ -32,6 +33,7 @@ sha2 = { version = "0.10.2", features = [
   "asm",
 ], default-features = false }
 sha3 = { version = "0.10.1", default-features = false }
+generic-array = { version = "0.14", features = ["zeroize"] }
 
 # logging
 tracing = { version = "0.1", default-features = false }

diff --git a/src/crypto_tools/rng.rs b/src/crypto_tools/rng.rs
@@ -7,6 +7,7 @@ use ecdsa::elliptic_curve::generic_array::GenericArray;
 use hmac::{Hmac, Mac};
 use rand::{CryptoRng, RngCore, SeedableRng};
 use rand_chacha::ChaCha20Rng;
+use secrecy::{ExposeSecret, Secret};
 use sha2::{digest::Update, Sha256};
 use tracing::error;
 use zeroize::Zeroize;
@@ -107,21 +108,18 @@ pub(crate) fn rng_seed_ecdsa_ephemeral_scalar_with_party_id<K>(
     signing_key: &k256::Scalar,
     msg_to_sign: &k256::Scalar,
 ) -> TofnResult<impl CryptoRng + RngCore> {
-    let mut signing_key_bytes = signing_key.to_bytes();
     let msg_to_sign_bytes = msg_to_sign.to_bytes();
 
     // TODO: Use protocol domain separation: https://github.com/axelarnetwork/tofn/issues/184
     let seed = Hmac::<Sha256>::new(&Default::default())
         .chain(tag.to_be_bytes())
         .chain(party_id.to_bytes())
-        .chain(signing_key_bytes)
+        .chain(Secret::new(signing_key.to_bytes()).expose_secret())
         .chain(msg_to_sign_bytes)
         .finalize()
         .into_bytes()
         .into();
 
-    signing_key_bytes.zeroize();
-
     Ok(ChaCha20Rng::from_seed(seed))
 }
 
@@ -135,20 +133,17 @@ pub(crate) fn rng_seed_ecdsa_ephemeral_scalar(
     signing_key: &k256::Scalar,
     message_digest: &k256::Scalar,
 ) -> TofnResult<impl CryptoRng + RngCore> {
-    let mut signing_key_bytes = signing_key.to_bytes();
     let msg_to_sign_bytes = message_digest.to_bytes();
 
     let seed = Hmac::<Sha256>::new(&Default::default())
         .chain(protocol_tag.to_be_bytes())
         .chain(tag.to_be_bytes())
-        .chain(signing_key_bytes)
+        .chain(Secret::new(signing_key.to_bytes()).expose_secret())
         .chain(msg_to_sign_bytes)
         .finalize()
         .into_bytes()
         .into();
 
-    signing_key_bytes.zeroize();
-
     Ok(ChaCha20Rng::from_seed(seed))
 }