quininer / seckey

Use `memsec` protected secret memory.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Implement ZeroSafe

vbrandl opened this issue · comments

I want to store a Ed25519 key pair (generated by ring) in a SecKey and zero the memory if the creation fails. This key pair is 85 bytes large and the seckey crate does not implement the ZeroSafe trait for [T; 85].
Since neither ZeroSafe nor [u8; 85] are defined in my module, I cannot impl ZeroSafe for [u8; 85].
What's the correct way to zero out arbitrary sized arrays?

You can open a PR to impl ZeroSafe for [u8; 85], or use a custom struct.

struct Custom([u8; 85]);
unsafe impl ZeroSafe for Custom {}

ZeroSafe is just a stopgap, which will be removed after const generics is implemented.

You can use SecKey<[u8; 85]> normally because it has nothing to do with ZeroSafe trait.

For TempKey<[u8; 85]>, you can use TempKey::unsafe_from.