vault: return Zeroizing<String> from unlock_new
Change unlock_new return type from String to Zeroizing<String> so the generated mnemonic phrase is zeroized on drop and does not linger in freed heap memory. Resolves drift item #8 / review W7.
@@ -50,6 +50,7 @@ use crate::derivation::{self, DerivationError, PATHS};
use crate::encryption::{self, EncryptedData, EncryptionKey};
use crate::mnemonic::{Language, Mnemonic, Seed};
use crate::protocol::{DerivedKey, KeyType};
use zeroize::Zeroizing;
/// Handle to a running VaultService for local (in-process) use.
///
@@ -150,7 +151,7 @@ impl VaultServiceHandle {
///
/// Returns the generated mnemonic phrase. Store this phrase securely —
/// it is the root of trust for all derived keys.
pub fn unlock_new(&self, word_count: usize) -> Result<String, VaultServiceError> {
pub fn unlock_new(&self, word_count: usize) -> Result<Zeroizing<String>, VaultServiceError> {
let mut inner = self.inner.write().unwrap();
if inner.unlocked {
return Err(VaultServiceError::AlreadyUnlocked);
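Review bot: The doc comment at `/// Returns the generated mnemonic phrase. Store this phrase securely —` still describes a plain `String` return, while the new signature returns `Zeroizing<String>`; callers need to know that the wrapper wipes the phrase when it is dropped and that dereferencing it and cloning or `to_string()`-ing the inner `String` produces an unprotected copy that is not wiped. I would extend the comment with `/// The phrase is returned in a [`Zeroizing`] wrapper and is overwritten in memory when dropped; do not copy it out into a plain `String`.` The body of `unlock_new` continues beyond this hunk.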
@@ -158,7 +159,7 @@ impl VaultServiceHandle {
let mnemonic = Mnemonic::generate(word_count)?;
let seed = mnemonic.to_seed(None);
let phrase = mnemonic.phrase().to_string();
let phrase = Zeroizing::new(mnemonic.phrase().to_string());
inner.mnemonic = Some(mnemonic);
inner.seed = Some(seed);
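Review bot: Wrapping the returned copy at `let phrase = Zeroizing::new(mnemonic.phrase().to_string());` protects only that copy; the same phrase bytes remain inside `mnemonic`, which is moved into `inner.mnemonic` two lines later, and the material derived from it sits in `inner.seed`. Whether `Mnemonic` and `Seed` implement zeroize-on-drop is not visible in this hunk, and if they do not, the original phrase still lingers in the heap once the vault is locked or dropped, so the commit's stated goal is only partly met. Worth confirming in `crate::mnemonic` and recording the dependency here, e.g. `// The phrase also lives in inner.mnemonic/inner.seed; wiping those relies on Mnemonic's and Seed's drop impls.` The enclosing `unlock_new` starts in the previous hunk and continues past this one.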