author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-08-31 15:52:41 +0200 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-08-31 15:52:41 +0200 |
commit | c823af1a9c2cf8504740ddd7deaeaeb28bf752c1 (patch) | |
tree | a22e82873fcb380dd5304f5b62ec600b030278f8 /src | |
parent | Fix race condition on response processing (diff) | |
Explicitly clear t0 in KDF macro
Diffstat (limited to 'src')
-rw-r--r-- | src/handshake/noise.rs | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/handshake/noise.rs b/src/handshake/noise.rs
index 5673938..1e7c50d 100644
--- a/src/handshake/noise.rs
+++ b/src/handshake/noise.rs
@@ -17,7 +17,9 @@ use rand::{CryptoRng, RngCore};

 use generic_array::typenum::*;
 use generic_array::*;
+use clear_on_drop::clear::Clear;
 use clear_on_drop::clear_stack_on_return;
+
 use subtle::ConstantTimeEq;

 use super::device::Device;
@@ -85,27 +87,30 @@ macro_rules! HMAC {

 macro_rules! KDF1 {
 ($ck:expr, $input:expr) => {{
- let t0 = HMAC!($ck, $input);
+ let mut t0 = HMAC!($ck, $input);
 let t1 = HMAC!(&t0, &[0x1]);
+ t0.clear();
 t1
 }};
 }

 macro_rules! KDF2 {
 ($ck:expr, $input:expr) => {{
- let t0 = HMAC!($ck, $input);
+ let mut t0 = HMAC!($ck, $input);
 let t1 = HMAC!(&t0, &[0x1]);
 let t2 = HMAC!(&t0, &t1, &[0x2]);
+ t0.clear();
 (t1, t2)
 }};
 }

 macro_rules! KDF3 {
 ($ck:expr, $input:expr) => {{
- let t0 = HMAC!($ck, $input);
+ let mut t0 = HMAC!($ck, $input);
 let t1 = HMAC!(&t0, &[0x1]);
 let t2 = HMAC!(&t0, &t1, &[0x2]);
 let t3 = HMAC!(&t0, &t2, &[0x3]);
+ t0.clear();
 (t1, t2, t3)
 }};
 }
|
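Review bot: The `t0.clear()` added at the end of KDF1, KDF2 and KDF3 wipes only the `t0` binding, and only when the block runs to its last statement. Any temporary that `HMAC!` creates while producing `t0`, or any copy made if the returned type is `Copy`, is untouched. The `HMAC!` body lies outside this hunk, so please confirm that it clears its own intermediate state. The three wipes are also undocumented and easy to lose in a later cleanup; a comment above each `let mut t0` would help, e.g. `// t0 keys every later HMAC in this block: secret intermediate, must be wiped before the outputs are returned`. The outputs `t1`..`t3` leave the macro by value, so zeroing them remains the caller's responsibility, which deserves a line in the macro docs.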