bearssl/ec: add basic key wrappings

bearssl/src/ec.rs

@@ -0,0 +1,5 @@
+mod private;
+mod public;
+
+pub use private::PrivateKey;
+pub use public::PublicKey;

bearssl/src/ec/private.rs

@@ -0,0 +1,31 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_ec_private_key;
+
+#[repr(transparent)]
+pub struct PrivateKey(pub(crate) br_ec_private_key);
+
+#[cfg(feature = "zeroize")]
+impl Drop for PrivateKey {
+    fn drop(&mut self) {
+        use zeroize::Zeroize;
+
+        self.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::ZeroizeOnDrop for PrivateKey {}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PrivateKey {
+    fn zeroize(&mut self) {
+        // Safety: Slice constructions should be safe as long as lengths have not been modified
+        // outside what BearSSL set.
+        unsafe {
+            let x = slice::from_raw_parts_mut(self.0.x, self.0.xlen);
+            x.zeroize();
+        }
+    }
+}

bearssl/src/ec/public.rs

@@ -0,0 +1,17 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_ec_public_key;
+
+#[repr(transparent)]
+pub struct PublicKey(pub(crate) br_ec_public_key);
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PublicKey {
+    fn zeroize(&mut self) {
+        unsafe {
+            let q = slice::from_raw_parts_mut(self.0.q, self.0.qlen);
+            q.zeroize();
+        }
+    }
+}

bearssl/src/lib.rs

@@ -3,6 +3,7 @@
 #[cfg(feature = "std")]
 extern crate std;
 
+pub mod ec;
 pub mod engine;
 pub mod profile;
 pub mod rsa;