Add Zeroize and Drop implementations

cfb-mode/Cargo.toml

@@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"]
 [dependencies]
 stream-cipher = "0.3"
 block-cipher-trait = "0.6"
+zeroize = { version = "0.9", optional = true }
 
 [dev-dependencies]
 aes = "0.3"

cfb-mode/src/lib.rs

@@ -51,12 +51,20 @@
 pub extern crate stream_cipher;
 extern crate block_cipher_trait;
 
+#[cfg(cargo_feature = "zeroize")]
+extern crate zeroize;
+
 use stream_cipher::{StreamCipher, NewStreamCipher, InvalidKeyNonceLength};
 use block_cipher_trait::BlockCipher;
 use block_cipher_trait::generic_array::GenericArray;
 use block_cipher_trait::generic_array::typenum::Unsigned;
 use core::slice;
 
+#[cfg(cargo_feature = "zeroize")]
+use zeroize::Zeroize;
+#[cfg(cargo_feature = "zeroize")]
+use std::ops::Drop;
+
 /// CFB self-synchronizing stream cipher instance.
 pub struct Cfb<C: BlockCipher> {
     cipher: C,
@@ -68,6 +76,22 @@ type Block<C> = GenericArray<u8, <C as BlockCipher>::BlockSize>;
 type ParBlocks<C> = GenericArray<Block<C>, <C as BlockCipher>::ParBlocks>;
 type Key<C> = GenericArray<u8, <C as BlockCipher>::KeySize>;
 
+#[cfg(cargo_feature = "zeroize")]
+impl<C: Zeroize> Zeroize for Cfb<C> {
+    fn zeroize(&mut self) {
+        self.cipher.zeroize();
+        self.iv.zeroize();
+        self.pos.zeroize();
+    }
+}
+
+#[cfg(cargo_feature = "zeroize")]
+impl<C> Drop for Cfb<C> {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 impl<C: BlockCipher> NewStreamCipher for Cfb<C> {
     type KeySize = C::KeySize;
     type NonceSize = C::BlockSize;

cfb8/Cargo.toml

@@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"]
 [dependencies]
 stream-cipher = "0.3"
 block-cipher-trait = "0.6"
+zeroize = { version = "0.9", optional = true }
 
 [dev-dependencies]
 aes = "0.3"

cfb8/src/lib.rs

@@ -51,17 +51,40 @@
 extern crate block_cipher_trait;
 pub extern crate stream_cipher;
 
+#[cfg(cargo_feature = "zeroize")]
+extern crate zeroize;
+
 use stream_cipher::{NewStreamCipher, StreamCipher, InvalidKeyNonceLength};
 use block_cipher_trait::BlockCipher;
 use block_cipher_trait::generic_array::GenericArray;
 use block_cipher_trait::generic_array::typenum::Unsigned;
 
+#[cfg(cargo_feature = "zeroize")]
+use zeroize::Zeroize;
+#[cfg(cargo_feature = "zeroize")]
+use std::ops::Drop;
+
 /// CFB self-synchronizing stream cipher instance.
 pub struct Cfb8<C: BlockCipher> {
     cipher: C,
     iv: GenericArray<u8, C::BlockSize>,
 }
 
+#[cfg(cargo_feature = "zeroize")]
+impl<C: Zeroize> Zeroize for Cfb8<C> {
+    fn zeroize(&mut self) {
+        self.cipher.zeroize();
+        self.iv.zeroize();
+    }
+}
+
+#[cfg(cargo_feature = "zeroize")]
+impl<C> Drop for Cfb8<C> {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 impl<C: BlockCipher> NewStreamCipher for Cfb8<C> {
     type KeySize = C::KeySize;
     type NonceSize = C::BlockSize;

ctr/Cargo.toml

@@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"]
 [dependencies]
 stream-cipher = "0.3"
 block-cipher-trait = "0.6"
+zeroize = { version = "0.9", optional = true }
 
 [dev-dependencies]
 aes = "0.3"

ctr/src/lib.rs

@@ -41,6 +41,9 @@
 pub extern crate stream_cipher;
 extern crate block_cipher_trait;
 
+#[cfg(cargo_feature = "zeroize")]
+extern crate zeroize;
+
 use stream_cipher::{
     SyncStreamCipher, SyncStreamCipherSeek, NewStreamCipher,
     LoopError, InvalidKeyNonceLength
@@ -51,6 +54,11 @@ use block_cipher_trait::generic_array::typenum::{U16, Unsigned};
 use block_cipher_trait::BlockCipher;
 use core::{mem, cmp, fmt, ptr};
 
+#[cfg(cargo_feature = "zeroize")]
+use zeroize::Zeroize;
+#[cfg(cargo_feature = "zeroize")]
+use std::ops::Drop;
+
 #[inline(always)]
 fn xor(buf: &mut [u8], key: &[u8]) {
     debug_assert_eq!(buf.len(), key.len());
@@ -76,6 +84,24 @@ pub struct Ctr128<C>
     pos: Option<u8>,
 }
 
+#[cfg(cargo_feature = "zeroize")]
+impl<C: Zeroize> Zeroize for Ctr128<C> {
+    fn zeroize(&mut self) {
+        self.cipher.zeroize();
+        self.nonce.zeroize();
+        self.counter.zeroize();
+        self.block.zeroize();
+        self.pos.zeroize();
+    }
+}
+
+#[cfg(cargo_feature = "zeroize")]
+impl<C> Drop for Ctr128<C> {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 impl<C> Ctr128<C>
     where
         C: BlockCipher<BlockSize = U16>,

ofb/Cargo.toml

@@ -12,6 +12,7 @@ categories = ["cryptography", "no-std"]
 [dependencies]
 stream-cipher = "0.3"
 block-cipher-trait = "0.6"
+zeroize = { version = "0.9", optional = true }
 
 [dev-dependencies]
 aes = "0.3"

ofb/src/lib.rs

@@ -53,13 +53,21 @@
 pub extern crate stream_cipher;
 extern crate block_cipher_trait;
 
+#[cfg(cargo_feature = "zeroize")]
+extern crate zeroize;
+
 use stream_cipher::{
     SyncStreamCipher, NewStreamCipher, LoopError, InvalidKeyNonceLength,
 };
 use block_cipher_trait::BlockCipher;
 use block_cipher_trait::generic_array::GenericArray;
 use block_cipher_trait::generic_array::typenum::Unsigned;
 
+#[cfg(cargo_feature = "zeroize")]
+use zeroize::Zeroize;
+#[cfg(cargo_feature = "zeroize")]
+use std::ops::Drop;
+
 type Block<C> = GenericArray<u8, <C as BlockCipher>::BlockSize>;
 
 /// OFB self-synchronizing stream cipher instance.
@@ -69,6 +77,22 @@ pub struct Ofb<C: BlockCipher> {
     pos: usize,
 }
 
+#[cfg(cargo_feature = "zeroize")]
+impl<C: Zeroize> Zeroize for Cfb8<C> {
+    fn zeroize(&mut self) {
+        self.cipher.zeroize();
+        self.block.zeroize();
+        self.pos.zeroize();
+    }
+}
+
+#[cfg(cargo_feature = "zeroize")]
+impl<C> Drop for Cfb8<C> {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}
+
 impl<C: BlockCipher> NewStreamCipher for Ofb<C> {
     type KeySize = C::KeySize;
     type NonceSize = C::BlockSize;
@@ -131,4 +155,3 @@ fn xor(buf1: &mut [u8], buf2: &[u8]) {
         *a ^= *b;
     }
 }
-