Use secure_string for more secure Password and SecretKey #328

Open: wants to merge 3 commits into base: master
Conversation

eibrahim95 (Contributor)

This implements #47

  • Updated cot::common_types::Password struct to use SecureString for enhanced security.
  • Implemented PartialEq and Eq for cot::common_types::Password to be able to compare 2 Password instances
  • Added tests for equality comparison of instances.
  • Updated SecretKey struct to use SecureBytes for improved security handling.
  • Adjusted implementations of PartialEq and Debug to align with SecureBytes.
  • Implemented serialization for SecretKey since we cannot derive Serialize because SecureBytes doesn't implement it.
  • Included tests for JSON serialization of SecretKey.

- Updated  struct to use SecureString for enhanced security.
- Implemented PartialEq and Eq to be able to compare 2 Password instances
- Added tests for equality comparison of  instances.
…curity

- Updated SecretKey struct to use SecureBytes for improved security handling.
- Adjusted implementations of PartialEq and Debug to align with SecureBytes.
- Implemented serialization for SecretKey since we cannot derive Serialize because SecureBytes doesn't implement it.
- Included tests for JSON serialization of SecretKey.
@github-actions github-actions bot added the C-lib Crate: cot (main library crate) label May 15, 2025

codecov bot commented May 15, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Flag | Coverage | Δ
rust | 88.03% <100.00%> | +<0.01% ⬆️

Flags with carried forward coverage won't be shown.

Files with missing lines | Coverage | Δ
cot/src/common_types.rs | 85.24% <100.00%> | +1.31% ⬆️
cot/src/config.rs | 91.66% <100.00%> | +0.31% ⬆️

... and 1 file with indirect coverage changes


@eibrahim95 (Contributor Author)

Looks like miri doesn't support mlock; I'm thinking about mocking it for miri only. What do you think, @m4tx @seqre?

@seqre (Member) left a comment

@m4tx can you look at my comments, I'd like a second pair of eyes.

@@ -80,7 +88,7 @@ impl Password {
/// let password = Password::new("password");
/// ```
#[must_use]
pub fn new<T: Into<String>>(password: T) -> Self {
pub fn new<T: Into<SecureString>>(password: T) -> Self {
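Review bot: the new bound `Into<SecureString>` on `Password::new` exposes the secret-storage type in the public API; callers passing a `String` or `&str` (including the doc example `Password::new("password")` just above) now depend on `SecureString` providing the matching `From` impl, and swapping the storage type later becomes a breaking change. Suggest keeping `pub fn new<T: Into<String>>(password: T) -> Self` and converting to `SecureString` inside the body, so the secure storage stays an implementation detail of the crate.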
Member:

I think we should leave it as Into<String>. Our use of SecureString is an implementation detail; we shouldn't force that on users, and we should do any required casting ourselves.

Contributor Author:

Good catch, I'll do that.

Comment on lines +822 to +823
/// The implementation of the [`PartialEq`] trait for this type is inherited from
/// [`SecureBytes`], which is constant-time to prevent timing attacks.
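Review bot: the doc comment on these two lines states a security guarantee (constant-time `PartialEq`) that this crate does not itself implement but inherits from `SecureBytes`; if, as the review thread notes, `SecureBytes` is `SecureVec<u8>` with a derived `PartialEq`, the comparison short-circuits at the first differing byte and the claim is false. Suggest either citing the upstream guarantee that makes the claim true, or implementing `PartialEq` for `SecretKey` explicitly with a constant-time comparison so the documented property is owned and testable here rather than depending on a dependency's unverified behaviour.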
Member:

Am I blind or does SecureBytes (which is just SecureVec<u8>) claim it does constant-time comparison, yet they derive normal PartialEq in the source code? Source: https://docs.rs/secure-string/latest/src/secure_string/secure_types/vec.rs.html#23

Contributor Author:

Not sure; why would they claim it is constant-time if it is not? I will investigate more.
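To make the constant-time concern raised in this thread concrete, here is an added example (not code from cot or from the secure-string crate) of a password newtype that keeps the `Into<String>` constructor suggested above, implements `PartialEq` explicitly with a constant-time byte comparison instead of deriving it, and redacts `Debug`. It uses only the standard library and deliberately leaves out memory locking and zeroing, which is what `secure-string` adds and what the `mlock` discussion is about.

```rust
use std::fmt;

/// Secret-holding password wrapper (added example, not cot's `Password`).
/// The constructor keeps `Into<String>`, so the internal storage type never
/// appears in the public signature.
pub struct Password {
    inner: Vec<u8>,
}

impl Password {
    #[must_use]
    pub fn new<T: Into<String>>(password: T) -> Self {
        Password { inner: password.into().into_bytes() }
    }

    /// Constant-time equality: every byte of both inputs is visited even
    /// after a mismatch, so timing does not reveal how long a matching
    /// prefix was. Only the length is allowed to leak via the early return.
    pub fn ct_eq(&self, other: &Self) -> bool {
        if self.inner.len() != other.inner.len() {
            return false;
        }
        let mut diff: u8 = 0;
        for (a, b) in self.inner.iter().zip(other.inner.iter()) {
            diff |= a ^ b;
        }
        diff == 0
    }
}

// Explicit, not derived: a derived `PartialEq` on a `Vec<u8>` returns at the
// first differing byte, which is exactly the concern raised about `SecureBytes`.
impl PartialEq for Password {
    fn eq(&self, other: &Self) -> bool {
        self.ct_eq(other)
    }
}
impl Eq for Password {}

/// `Debug` prints a redacted marker, never the secret itself.
impl fmt::Debug for Password {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Password(***)")
    }
}
```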

@eibrahim95 (Contributor Author)

@seqre, what do you think about the miri thing? That is a blocker for this PR.

Labels
C-lib Crate: cot (main library crate)