const-secret 0.1.0

A `no_std` crate for compile-time encrypted secrets.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

//! Drop strategies for handling encrypted data when it goes out of scope.
//!
//! This module provides different strategies for what happens to decrypted data
//! when an [`Encrypted`](crate::Encrypted) value is dropped. Each strategy
//! implements the [`DropStrategy`] trait.
//!
//! # Available Strategies
//!
//! - [`Zeroize`]: Overwrites the buffer with zeros using the `zeroize` crate
//! - [`NoOp`]: Does nothing, leaving the data in memory as-is
//!
//! Algorithm-specific strategies:
//! - [`xor::ReEncrypt`](crate::xor::ReEncrypt): Re-encrypts with XOR
//! - [`rc4::ReEncrypt`](crate::rc4::ReEncrypt): Re-encrypts with RC4
//!
//! # Generic Over Extra Data
//!
//! These strategies are generic over the `Extra` type to support different
//! algorithms that may need to store additional data (like encryption keys).

use core::marker::PhantomData;
use zeroize::Zeroize as ZeroizeTrait;

pub trait DropStrategy {
    type Extra;
    fn drop(data: &mut [u8], extra: &Self::Extra);
}

/// Zeroizes the buffer on drop. Generic over the Extra type to work with any algorithm.
pub struct Zeroize<E = ()>(PhantomData<E>);
/// Does nothing on drop. Generic over the Extra type to work with any algorithm.
pub struct NoOp<E = ()>(PhantomData<E>);

impl<E> DropStrategy for Zeroize<E> {
    type Extra = E;
    fn drop(data: &mut [u8], _extra: &E) {
        data.zeroize();
    }
}

impl<E> DropStrategy for NoOp<E> {
    type Extra = E;
    fn drop(_data: &mut [u8], _extra: &E) {}
}