vault: return Zeroizing<String> from unlock_new
Change unlock_new return type from String to Zeroizing<String> so the generated mnemonic phrase is zeroized on drop and does not linger in freed heap memory. Resolves drift item #8 / review W7.
@@ -50,6 +50,7 @@ use crate::derivation::{self, DerivationError, PATHS};
|
|||||||
use crate::encryption::{self, EncryptedData, EncryptionKey};
|
use crate::encryption::{self, EncryptedData, EncryptionKey};
|
||||||
use crate::mnemonic::{Language, Mnemonic, Seed};
|
use crate::mnemonic::{Language, Mnemonic, Seed};
|
||||||
use crate::protocol::{DerivedKey, KeyType};
|
use crate::protocol::{DerivedKey, KeyType};
|
||||||
|
use zeroize::Zeroizing;
|
||||||
|
|
||||||
/// Handle to a running VaultService for local (in-process) use.
|
/// Handle to a running VaultService for local (in-process) use.
|
||||||
///
|
///
|
||||||
@@ -150,7 +151,7 @@ impl VaultServiceHandle {
|
|||||||
///
|
///
|
||||||
/// Returns the generated mnemonic phrase. Store this phrase securely —
|
/// Returns the generated mnemonic phrase. Store this phrase securely —
|
||||||
/// it is the root of trust for all derived keys.
|
/// it is the root of trust for all derived keys.
|
||||||
pub fn unlock_new(&self, word_count: usize) -> Result<String, VaultServiceError> {
|
pub fn unlock_new(&self, word_count: usize) -> Result<Zeroizing<String>, VaultServiceError> {
|
||||||
let mut inner = self.inner.write().unwrap();
|
let mut inner = self.inner.write().unwrap();
|
||||||
if inner.unlocked {
|
if inner.unlocked {
|
||||||
return Err(VaultServiceError::AlreadyUnlocked);
|
return Err(VaultServiceError::AlreadyUnlocked);
|
||||||
@@ -158,7 +159,7 @@ impl VaultServiceHandle {
|
|||||||
|
|
||||||
let mnemonic = Mnemonic::generate(word_count)?;
|
let mnemonic = Mnemonic::generate(word_count)?;
|
||||||
let seed = mnemonic.to_seed(None);
|
let seed = mnemonic.to_seed(None);
|
||||||
let phrase = mnemonic.phrase().to_string();
|
let phrase = Zeroizing::new(mnemonic.phrase().to_string());
|
||||||
|
|
||||||
inner.mnemonic = Some(mnemonic);
|
inner.mnemonic = Some(mnemonic);
|
||||||
inner.seed = Some(seed);
|
inner.seed = Some(seed);
|
||||||
|
|||||||
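Review bot: The doc comment above `unlock_new` still says only "Returns the generated mnemonic phrase" and does not tell callers that the value is now a `Zeroizing<String>` that is wiped on drop. That guarantee covers only the wrapped buffer: a caller that does `.to_string()`, clones the inner `String`, or passes it to `format!` or a logger creates a heap copy that is never zeroized. I would add a line to the doc comment such as `/// The phrase is returned in a Zeroizing wrapper and wiped on drop; keep it in the wrapper and never copy it into a plain String or log it.` The body of `unlock_new` continues past the last hunk, so whether the phrase reaches the `Ok(...)` return without an intermediate copy is not visible here. Whether the `Mnemonic` and `Seed` stored in `inner` zeroize on drop is not visible here either.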