age_setup/security.rs
1use zeroize::Zeroize;
2
3/// Overwrites a byte buffer with zeros in a way that cannot be optimized away.
4///
5/// Uses the [`Zeroize`] trait from the `zeroize` crate to guarantee that the
6/// memory is cleared even in release builds. This is essential for securely
7/// erasing sensitive material such as secret keys from memory.
8///
9/// # Parameters
10///
11/// * `data` – A mutable byte slice whose contents will be zeroized.
12///
13/// # Examples
14///
15/// ```rust
16/// use age_setup::security::wipe_memory;
17///
18/// let mut secret = vec![1, 2, 3, 4];
19/// wipe_memory(&mut secret);
20/// assert_eq!(secret, vec![0, 0, 0, 0]);
21/// ```
22///
23/// Empty buffers are handled gracefully:
24///
25/// ```rust
26/// use age_setup::security::wipe_memory;
27///
28/// let mut empty: Vec<u8> = vec![];
29/// wipe_memory(&mut empty);
30/// assert_eq!(empty, vec![]);
31/// ```
32///
33/// # See Also
34///
35/// * [`SecretKey`](crate::SecretKey) – Uses `Zeroizing` for automatic cleanup.
36/// * [`zeroize`](https://docs.rs/zeroize) – The underlying crate.
37pub fn wipe_memory(data: &mut [u8]) {
38 data.zeroize();
39}
40
41#[cfg(test)]
42mod tests {
43 use super::*;
44
45 #[test]
46 fn wipe_non_empty_buffer() {
47 let mut v = vec![1, 2, 3];
48 wipe_memory(&mut v);
49 assert_eq!(v, vec![0, 0, 0]);
50 }
51
52 #[test]
53 fn wipe_empty_buffer() {
54 let mut v: Vec<u8> = vec![];
55 wipe_memory(&mut v);
56 assert_eq!(v, vec![]);
57 }
58
59 #[test]
60 fn wipe_sensitive_data() {
61 let mut secret_key = b"AGE-SECRET-KEY-1TEST".to_vec();
62 wipe_memory(&mut secret_key);
63 assert!(secret_key.iter().all(|&b| b == 0));
64 }
65}