Zeroize HeldTree's cabinet X25519 private key on drop

X25519PrivateKey is a type alias for [u8; 32], no Zeroize, no Drop.
HeldTree held an Option<X25519PrivateKey> as a plain field — when
uninstall_cabinet / uninstall_all dropped the enclosing Option, the
bytes stayed in the heap slot. Both the module docstring and the
new wipeState doc asserted the cabinet key was scrubbed on drop;
neither was actually true.

Derive RedactedDebug on HeldTree and tag the private_key field
`#[redact]`. The field's Option<[u8; 32]> composes through zeroize's
built-in `Zeroize for Option<T: Zeroize>`, so no wrapper is needed
— the derive's generated Drop zeroizes the field when HeldTree is
dropped. The group_keys ContentKeys already auto-zeroize via their
own impl; this commit closes the last gap in the keeper's crypto
material lifecycle.

Adds an impl Debug for Redacted<'_, Option<[u8; N]>> in crypto/mod.rs
to keep the derive's Debug output honest — matches the existing
Redacted<'_, Option<String>> impl that covers the String-in-Option
case. Without it, RedactedDebug fails to compile on any struct that
has a `#[redact] Option<[u8; N]>` field.

+11
+9
crates/opake-core/src/crypto/mod.rs
··· 85 85 } 86 86 } 87 87 88 + impl<const N: usize> std::fmt::Debug for Redacted<'_, Option<[u8; N]>> { 89 + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { 90 + match self.0 { 91 + Some(_) => write!(f, "Some([{N} bytes])"), 92 + None => write!(f, "None"), 93 + } 94 + } 95 + } 96 + 88 97 /// A 256-bit AES content encryption key. 89 98 /// 90 99 /// Zeroized on drop — RedactedDebug auto-generates Zeroize + Drop for
+2
crates/opake-core/src/indexer/tree_keeper/mod.rs
··· 47 47 pub struct WatcherHandle(u64); 48 48 49 49 /// A persistent tree for one context (cabinet or workspace). 50 + #[derive(crate::RedactedDebug)] 50 51 struct HeldTree { 51 52 tree: DirectoryTree, 52 53 /// For cabinet trees: the private X25519 key for direct key unwrapping. 53 54 /// For workspace trees: None. 55 + #[redact] 54 56 private_key: Option<X25519PrivateKey>, 55 57 /// For workspace trees: single-entry map of keyring URI → group key. 56 58 /// For cabinet trees: empty.
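Review bot: In crates/opake-core/src/crypto/mod.rs, the new `impl<const N: usize> std::fmt::Debug for Redacted<'_, Option<[u8; N]>>` has no doc comment and no test pinning its output. Since this impl is what keeps key bytes out of Debug output for every `#[redact] Option<[u8; N]>` field, add a short `///` line saying it prints only presence and length, plus a unit test asserting the formatted strings are exactly `Some([32 bytes])` and `None` for a 32-byte input. That way a later edit to the `write!` calls cannot start printing the array contents unnoticed.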
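Review bot: In crates/opake-core/src/indexer/tree_keeper/mod.rs, the `#[redact]` attribute on `private_key` now carries the wipe-on-drop guarantee, but the field's doc comment still only describes the cabinet/workspace distinction. Add a line to that comment stating the key is zeroized when `HeldTree` is dropped via the `RedactedDebug` derive, so that removing the attribute or the derive reads as a security regression in review. The commit message notes that earlier docs claimed this scrubbing while it was not happening, so a regression test that fails to compile or fails at runtime if the derive is removed would back the claim up. Also worth a comment: per the commit message `X25519PrivateKey` is a `[u8; 32]` alias, which is `Copy`, so this wipe covers only the field's own storage and not any copy of the key taken from it elsewhere.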