src: Attempt to zero the state for incremental classes.

_state already gets wiped by libsodium when you do Finalize(), but that won't get called if there's an exception before that. I think default is fine; another way is Marshal.StructureToPtr() or calling Finalize() and then wiping the span buffer.
samuel-lucas6 · Nov 10, 2024 · d402f86 · d402f86
1 parent b436993
commit d402f86
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/src/Geralt/Crypto/IncrementalBLAKE2b.cs b/src/Geralt/Crypto/IncrementalBLAKE2b.cs
@@ -1,4 +1,5 @@
-using System.Security.Cryptography;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
 using static Interop.Libsodium;
 
 namespace Geralt;
@@ -78,6 +79,7 @@ public void RestoreCachedState()
         _finalized = false;
     }
 
+    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
     public void Dispose()
     {
         _state = default;

diff --git a/src/Geralt/Crypto/IncrementalEd25519ph.cs b/src/Geralt/Crypto/IncrementalEd25519ph.cs
@@ -1,4 +1,5 @@
-using System.Security.Cryptography;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
 using static Interop.Libsodium;
 
 namespace Geralt;
@@ -51,7 +52,9 @@ public bool FinalizeAndVerify(ReadOnlySpan<byte> signature, ReadOnlySpan<byte> p
         return crypto_sign_final_verify(ref _state, signature, publicKey) == 0;
     }
 
+    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
     public void Dispose()
     {
+        _state = default;
     }
 }
diff --git a/src/Geralt/Crypto/IncrementalPoly1305.cs b/src/Geralt/Crypto/IncrementalPoly1305.cs
@@ -1,4 +1,5 @@
-using System.Security.Cryptography;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
 using static Interop.Libsodium;
 
 namespace Geralt;
@@ -52,7 +53,9 @@ public bool FinalizeAndVerify(ReadOnlySpan<byte> tag)
         return equal;
     }
 
+    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
     public void Dispose()
     {
+        _state = default;
     }
 }
diff --git a/src/Geralt/Crypto/IncrementalXChaCha20Poly1305.cs b/src/Geralt/Crypto/IncrementalXChaCha20Poly1305.cs
@@ -1,4 +1,5 @@
-using System.Security.Cryptography;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
 using static Interop.Libsodium;
 
 namespace Geralt;
@@ -72,7 +73,9 @@ public void Rekey()
         crypto_secretstream_xchacha20poly1305_rekey(ref _state);
     }
 
+    [MethodImpl(MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization)]
     public void Dispose()
     {
+        _state = default;
     }
 }