feature(ExtendedKey): enforces the Zero() method

Author: sammyne

README.md

@@ -1,7 +1,5 @@
 # bip32
 
-==========
-
 [![CircleCI](https://circleci.com/gh/sammyne/bip32.svg?style=svg)](https://circleci.com/gh/sammyne/bip32)
 [![codecov](https://codecov.io/gh/sammyne/bip32/branch/master/graph/badge.svg)](https://codecov.io/gh/sammyne/bip32)
 [![Go Report Card](https://goreportcard.com/badge/github.com/sammyne/bip32)](https://goreportcard.com/report/github.com/sammyne/bip32)

extended_key.go

@@ -7,10 +7,6 @@ import "github.com/btcsuite/btcd/btcec"
 //   https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
 
 // ExtendedKey specifies the basic api for a extended private or public key.
-// TODO: add the Zero method manually clears all fields and bytes in the
-// extended key. This can be used to explicitly clear key material from memory
-// for enhanced security against memory scraping. This function only clears
-// this particular key and not any children that have already been derived.
 type ExtendedKey interface {
 	// AddressPubKeyHash returns the public key hash (20 bytes) derived from the
 	// key, which would be itself for public keys and the extended public key
@@ -73,4 +69,10 @@ type ExtendedKey interface {
 	SetNet(keyID Magic)
 	// String returns the extended key as a human-readable base58-encoded string.
 	String() string
+
+	// Zero manually clears all fields and bytes in the
+	// extended key. This can be used to explicitly clear key material from memory
+	// for enhanced security against memory scraping. This function only clears
+	// this particular key and not any children that have already been derived.
+	Zero()
 }

private_key.go

@@ -156,6 +156,17 @@ func (priv *PrivateKey) ToECPrivate() *btcec.PrivateKey {
 	return privKey
 }
 
+// Zero implements ExtendedKey
+func (priv *PrivateKey) Zero() {
+	if nil == priv {
+		return
+	}
+
+	priv.PublicKey.Zero()
+	Zero(priv.Data)
+	Zero(priv.Version)
+}
+
 // publicKeyData load the corresponding public key data in compressed form
 // bound to this private key. It will check whether the data part of the public
 // key is initialised, and initialise it if necessary.

private_key_test.go

@@ -306,3 +306,61 @@ func TestParsePrivateKey_Error(t *testing.T) {
 		}
 	}
 }
+
+func TestPrivateKey_Zero(t *testing.T) {
+	var testCases []bip32.Goldie
+	ReadGoldenJSON(t, bip32.GoldenName, &testCases)
+
+	isZero := func(data []byte) bool {
+		for _, v := range data {
+			if 0 != v {
+				return false
+			}
+		}
+
+		return true
+	}
+
+	isZeroKey := func(xpriv *bip32.PrivateKey) bool {
+		if nil == xpriv {
+			return true
+		}
+
+		xpub := xpriv.PublicKey
+		return isZero(xpriv.Data) && isZero(xpriv.Version) &&
+			isZero(xpub.ChainCode) && 0 == xpub.ChildIndex && isZero(xpub.Data) &&
+			0 == xpub.Level && isZero(xpub.ParentFP) && isZero(xpub.Version)
+	}
+
+	for _, c := range testCases {
+		chains := c.Chains
+
+		t.Run("", func(st *testing.T) {
+			for _, chain := range chains {
+				xpriv, err := bip32.ParsePrivateKey(chain.ExtendedPrivateKey)
+				if nil != err {
+					st.Fatalf("unexpected error: %v", err)
+				}
+
+				if isZeroKey(xpriv) {
+					st.Fatalf("private key %s shouldn't be zeroed",
+						chain.ExtendedPrivateKey)
+				}
+
+				xpriv.Zero()
+
+				if !isZeroKey(xpriv) {
+					st.Fatalf("private key %s should have been zeroed",
+						chain.ExtendedPrivateKey)
+				}
+			}
+		})
+	}
+
+	// edge case as nil private key
+	var xpriv *bip32.PrivateKey
+	xpriv.Zero()
+	if !isZeroKey(xpriv) {
+		t.Fatal("nil private key should be treated as zeroed already")
+	}
+}

public_key.go

@@ -160,6 +160,20 @@ func (pub *PublicKey) String() string {
 	return base58.CheckEncodeX(str, pub.Version...)
 }
 
+// Zero implements ExtendedKey
+func (pub *PublicKey) Zero() {
+	if nil == pub {
+		return
+	}
+
+	Zero(pub.ChainCode)
+	pub.ChildIndex = 0
+	Zero(pub.Data)
+	pub.Level = 0
+	Zero(pub.ParentFP)
+	Zero(pub.Version)
+}
+
 // NewPublicKey returns a new instance of an extended public key with the
 // given fields. No error checking is performed here as it's only intended to
 // be a convenience method used to create a populated struct. This function

public_key_test.go

@@ -261,3 +261,41 @@ func TestPublicKey_String_Zero(t *testing.T) {
 		t.Fatalf("invalid string: got %s, expect %s", got, expect)
 	}
 }
+
+func TestPublicKey_Zero(t *testing.T) {
+	var testCases []bip32.Goldie
+	ReadGoldenJSON(t, bip32.GoldenName, &testCases)
+
+	isZero := func(data []byte) bool {
+		for _, v := range data {
+			if 0 != v {
+				return false
+			}
+		}
+
+		return true
+	}
+
+	isZeroPK := func(xpub *bip32.PublicKey) bool {
+		return nil == xpub || (isZero(xpub.ChainCode) && 0 == xpub.ChildIndex &&
+			isZero(xpub.Data) && 0 == xpub.Level && isZero(xpub.ParentFP) &&
+			isZero(xpub.Version))
+	}
+
+	for i, c := range testCases {
+		for j, chain := range c.Chains {
+			xpub, _ := bip32.ParsePublicKey(chain.ExtendedPublicKey)
+			xpub.Zero()
+			if !isZeroPK(xpub) {
+				t.Fatalf("#(%d,%d): public key %s isn't zeroed fully", i, j,
+					chain.ExtendedPublicKey)
+			}
+		}
+	}
+
+	var xpub *bip32.PublicKey
+	xpub.Zero()
+	if !isZeroPK(xpub) {
+		t.Fatal("nil public key should remains zero")
+	}
+}

utils.go

@@ -7,3 +7,10 @@ func HardenIndex(i uint32) uint32 {
 	/* if i > math.MaxUint32-HardenedKeyStart { } */
 	return i + HardenedKeyStart
 }
+
+// Zero clears all data items to 0
+func Zero(data []byte) {
+	for i := range data {
+		data[i] = 0
+	}
+}