rusk-wallet: zeroize passwords and AES keys

d-sonuga · d-sonuga · commit 2ca5810e43b7 · 2025-06-16T15:02:54.000+01:00
diff --git a/rusk-wallet/CHANGELOG.md b/rusk-wallet/CHANGELOG.md
@@ -27,6 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add deploy contract output (display the new contractId)
 - Add optional deposit to ContractCall [#3650]
 - Add pagination for transaction history to not pollute the stdout [#3292]
+- Add zeroization for passwords and AES keys to prevent data leaks [#3687]
 
 ### Changed
 
@@ -86,6 +87,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 
 <!-- Issues -->
+[#3687]: https://github.com/dusk-network/rusk/issues/3687
 [#3734]: https://github.com/dusk-network/rusk/issues/3734
 [#3713]: https://github.com/dusk-network/rusk/issues/3713
 [#3712]: https://github.com/dusk-network/rusk/issues/3712
diff --git a/rusk-wallet/src/bin/command.rs b/rusk-wallet/src/bin/command.rs
@@ -11,6 +11,7 @@ pub use history::TransactionHistory;
 #[cfg(all(test, feature = "e2e-test"))]
 mod tests;
 
+use std::borrow::Borrow;
 use std::fmt;
 use std::fs::File;
 use std::io::Write;
@@ -40,6 +41,7 @@ use wallet_core::BalanceInfo;
 use crate::io::prompt;
 use crate::prompt::Prompt;
 use crate::settings::Settings;
+use crate::zeroizing_bytes::ZeroizingBytes;
 use crate::{WalletFile, WalletPath};
 
 /// Commands that can be run against the Dusk wallet
@@ -316,8 +318,8 @@ pub(crate) enum Command {
         name: Option<String>,
 
         /// Password for the exported keys [default: env(RUSK_WALLET_PWD)]
-        #[arg(short, long, env = "RUSK_WALLET_EXPORT_PWD")]
-        export_pwd: Option<String>,
+        #[arg(short, long, env = "RUSK_WALLET_EXPORT_PWD", value_parser = clap::value_parser!(ZeroizingBytes))]
+        export_pwd: Option<ZeroizingBytes>,
     },
 
     /// Show current settings
@@ -522,7 +524,7 @@ impl Command {
                 let pwd = match export_pwd {
                     Some(pwd) => pwd,
                     None => match settings.password.as_ref() {
-                        Some(p) => p.to_string(),
+                        Some(p) => p.clone(),
                         None => prompt::ask_pwd(
                             "Provide a password for your provisioner keys",
                         )?,
@@ -535,7 +537,7 @@ impl Command {
                     profile_idx,
                     &dir,
                     name,
-                    &pwd,
+                    pwd.borrow(),
                 )?;
 
                 Ok(RunResult::ExportedKeys(pub_key, key_pair))
@@ -720,7 +722,7 @@ impl Command {
     pub(crate) fn run_create(
         skip_recovery: bool,
         seed_file: &Option<PathBuf>,
-        password: &Option<String>,
+        password: &Option<ZeroizingBytes>,
         wallet_path: &WalletPath,
         prompter: &dyn Prompt,
     ) -> anyhow::Result<Wallet<WalletFile>> {
diff --git a/rusk-wallet/src/bin/command/tests/utils.rs b/rusk-wallet/src/bin/command/tests/utils.rs
@@ -19,6 +19,7 @@ use url::Url;
 use super::*;
 use crate::command::history::TransactionDirection;
 use crate::settings::{LogLevel, Logging};
+use crate::zeroizing_bytes::ZeroizingBytes;
 use crate::{connect, status, LogFormat};
 
 #[derive(Default)]
@@ -29,8 +30,8 @@ struct FakePrompter {
 impl Prompt for FakePrompter {
     fn create_new_password(
         &self,
-    ) -> anyhow::Result<String, inquire::InquireError> {
-        Ok("password".to_string())
+    ) -> anyhow::Result<ZeroizingBytes, inquire::InquireError> {
+        Ok(ZeroizingBytes::from("password".to_string()))
     }
 
     fn prompt_text(&self, _msg: &str) -> inquire::error::InquireResult<String> {
diff --git a/rusk-wallet/src/bin/io/args.rs b/rusk-wallet/src/bin/io/args.rs
@@ -9,6 +9,7 @@ use std::path::PathBuf;
 use clap::{arg, Parser};
 
 use crate::settings::{LogFormat, LogLevel};
+use crate::zeroizing_bytes::ZeroizingBytes;
 use crate::Command;
 
 #[derive(Parser, Debug)]
@@ -27,8 +28,8 @@ pub(crate) struct WalletArgs {
     pub network: Option<String>,
 
     /// Set the password for wallet's creation
-    #[arg(long, env = "RUSK_WALLET_PWD")]
-    pub password: Option<String>,
+    #[arg(long, env = "RUSK_WALLET_PWD", value_parser = clap::value_parser!(ZeroizingBytes))]
+    pub password: Option<ZeroizingBytes>,
 
     /// The state server fully qualified URL
     #[arg(long)]
diff --git a/rusk-wallet/src/bin/io/prompt.rs b/rusk-wallet/src/bin/io/prompt.rs
@@ -4,6 +4,7 @@
 //
 // Copyright (c) DUSK NETWORK. All rights reserved.
 
+use std::borrow::Borrow;
 use std::fmt::Display;
 use std::path::PathBuf;
 use std::str::FromStr;
@@ -35,10 +36,11 @@ use rusk_wallet::{PBKDF2_ROUNDS, SALT_SIZE};
 use sha2::{Digest, Sha256};
 
 use crate::command::TransactionHistory;
+use crate::zeroizing_bytes::ZeroizingBytes;
 
 pub(crate) trait Prompt {
     /// Prompt the user to enter a password
-    fn create_new_password(&self) -> InquireResult<String> {
+    fn create_new_password(&self) -> InquireResult<ZeroizingBytes> {
         create_new_password()
     }
 
@@ -52,37 +54,36 @@ pub(crate) struct Prompter;
 
 impl Prompt for Prompter {}
 
-pub(crate) fn ask_pwd(msg: &str) -> Result<String, InquireError> {
+pub(crate) fn ask_pwd(msg: &str) -> Result<ZeroizingBytes, InquireError> {
     let pwd = Password::new(msg)
         .with_display_toggle_enabled()
         .without_confirmation()
         .with_display_mode(PasswordDisplayMode::Masked)
         .prompt();
 
-    pwd
+    pwd.map(ZeroizingBytes::from)
 }
 
-pub(crate) fn create_new_password() -> Result<String, InquireError> {
+pub(crate) fn create_new_password() -> Result<ZeroizingBytes, InquireError> {
     let pwd = Password::new("Password:")
         .with_display_toggle_enabled()
         .with_display_mode(PasswordDisplayMode::Hidden)
         .with_custom_confirmation_message("Confirm password: ")
         .with_custom_confirmation_error_message("The passwords doesn't match")
         .prompt();
 
-    pwd
+    pwd.map(ZeroizingBytes::from)
 }
 
 /// Request the user to authenticate with a password and return the derived key
 pub(crate) fn derive_key_from_password(
     msg: &str,
-    password: &Option<String>,
+    password: &Option<ZeroizingBytes>,
     salt: Option<&[u8; SALT_SIZE]>,
     file_version: DatFileVersion,
-) -> anyhow::Result<Vec<u8>> {
+) -> anyhow::Result<ZeroizingBytes> {
     let pwd = match password.as_ref() {
-        Some(p) => p.to_string(),
-
+        Some(p) => p.clone(),
         None => ask_pwd(msg)?,
     };
 
@@ -91,13 +92,13 @@ pub(crate) fn derive_key_from_password(
 
 /// Request the user to create a wallet password and return the derived key
 pub(crate) fn derive_key_from_new_password(
-    password: &Option<String>,
+    password: &Option<ZeroizingBytes>,
     salt: Option<&[u8; SALT_SIZE]>,
     file_version: DatFileVersion,
     prompter: &dyn Prompt,
-) -> anyhow::Result<Vec<u8>> {
+) -> anyhow::Result<ZeroizingBytes> {
     let pwd = match password.as_ref() {
-        Some(p) => p.to_string(),
+        Some(p) => p.clone(),
         None => prompter.create_new_password()?,
     };
 
@@ -155,28 +156,29 @@ pub(crate) fn request_mnemonic_phrase(
 
 pub(crate) fn derive_key(
     file_version: DatFileVersion,
-    pwd: &str,
+    pwd: &ZeroizingBytes,
     salt: Option<&[u8; SALT_SIZE]>,
-) -> anyhow::Result<Vec<u8>> {
+) -> anyhow::Result<ZeroizingBytes> {
     match file_version {
         DatFileVersion::RuskBinaryFileFormat(version) => {
             if version_without_pre_higher(version) >= (0, 0, 2, 0) {
                 let salt = salt
                     .ok_or_else(|| anyhow::anyhow!("Couldn't find the salt"))?;
                 Ok(pbkdf2::pbkdf2_hmac_array::<Sha256, SALT_SIZE>(
-                    pwd.as_bytes(),
+                    pwd.borrow(),
                     salt,
                     PBKDF2_ROUNDS,
                 )
                 .to_vec())
             } else {
                 let mut hasher = Sha256::new();
-                hasher.update(pwd.as_bytes());
+                hasher.update(Borrow::<[u8]>::borrow(pwd));
                 Ok(hasher.finalize().to_vec())
             }
         }
-        _ => Ok(blake3::hash(pwd.as_bytes()).as_bytes().to_vec()),
+        _ => Ok(blake3::hash(pwd.borrow()).as_bytes().to_vec()),
     }
+    .map(ZeroizingBytes::from)
 }
 
 /// Request a directory
diff --git a/rusk-wallet/src/bin/main.rs b/rusk-wallet/src/bin/main.rs
@@ -9,11 +9,14 @@ mod config;
 mod interactive;
 mod io;
 mod settings;
+mod zeroizing_bytes;
 
 use command::{gen_iv, gen_salt};
 pub(crate) use command::{Command, RunResult};
 use io::prompt::{ask_pwd, derive_key, Prompter};
+use zeroizing_bytes::ZeroizingBytes;
 
+use std::borrow::Borrow;
 use std::fs;
 use std::path::PathBuf;
 
@@ -36,7 +39,7 @@ use io::{prompt, status, WalletArgs};
 #[derive(Debug, Clone)]
 pub(crate) struct WalletFile {
     path: WalletPath,
-    aes_key: Vec<u8>,
+    aes_key: ZeroizingBytes,
     salt: Option<[u8; SALT_SIZE]>,
     iv: Option<[u8; IV_SIZE]>,
 }
@@ -47,7 +50,7 @@ impl SecureWalletFile for WalletFile {
     }
 
     fn aes_key(&self) -> &[u8] {
-        &self.aes_key
+        self.aes_key.borrow()
     }
 
     fn salt(&self) -> Option<&[u8; SALT_SIZE]> {
@@ -295,13 +298,11 @@ async fn exec() -> anyhow::Result<()> {
 
     let file_version = wallet.get_file_version()?;
 
-    let password = &settings.password;
-
     if file_version.is_old() {
         let salt = gen_salt();
         let iv = gen_iv();
         let pwd = match password.as_ref() {
-            Some(p) => p.to_string(),
+            Some(p) => p.clone(),
             None => ask_pwd("Updating your wallet data file, please enter your wallet password ")?,
         };
 
diff --git a/rusk-wallet/src/bin/settings.rs b/rusk-wallet/src/bin/settings.rs
@@ -13,6 +13,7 @@ use url::Url;
 
 use crate::config::Network;
 use crate::io::WalletArgs;
+use crate::zeroizing_bytes::ZeroizingBytes;
 
 #[derive(clap::ValueEnum, Debug, Clone)]
 pub(crate) enum LogFormat {
@@ -54,7 +55,7 @@ pub(crate) struct Settings {
     pub(crate) logging: Logging,
 
     pub(crate) wallet_dir: PathBuf,
-    pub(crate) password: Option<String>,
+    pub(crate) password: Option<ZeroizingBytes>,
 }
 
 pub(crate) struct SettingsBuilder {
diff --git a/rusk-wallet/src/bin/zeroizing_bytes.rs b/rusk-wallet/src/bin/zeroizing_bytes.rs
@@ -0,0 +1,30 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// Copyright (c) DUSK NETWORK. All rights reserved.
+
+use std::borrow::Borrow;
+
+use zeroize::{Zeroize, ZeroizeOnDrop};
+
+#[derive(Debug, Clone, PartialEq, Eq, Hash, Zeroize, ZeroizeOnDrop)]
+pub struct ZeroizingBytes(Vec<u8>);
+
+impl From<String> for ZeroizingBytes {
+    fn from(s: String) -> Self {
+        Self(s.into_bytes())
+    }
+}
+
+impl From<Vec<u8>> for ZeroizingBytes {
+    fn from(v: Vec<u8>) -> Self {
+        Self(v)
+    }
+}
+
+impl Borrow<[u8]> for ZeroizingBytes {
+    fn borrow(&self) -> &[u8] {
+        &self.0
+    }
+}
diff --git a/rusk-wallet/src/wallet.rs b/rusk-wallet/src/wallet.rs
@@ -580,7 +580,7 @@ impl<F: SecureWalletFile + Debug> Wallet<F> {
         profile_idx: u8,
         dir: &Path,
         filename: Option<String>,
-        pwd: &str,
+        pwd: &[u8],
     ) -> Result<(PathBuf, PathBuf), Error> {
         // we're expecting a directory here
         if !dir.is_dir() {
@@ -596,7 +596,7 @@ impl<F: SecureWalletFile + Debug> Wallet<F> {
         )?;
 
         sk.zeroize();
-        
+
         Ok(keys_paths)
     }
 
