native-ossl 0.1.1

Native Rust idiomatic bindings to OpenSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

//! Utilities example — `SecretBuf` for secure key material storage.
//!
//! `SecretBuf` wraps a `Vec<u8>` and calls `OPENSSL_cleanse` on drop,
//! ensuring sensitive bytes are zeroed even under compiler optimisation.
//!
//! Run with: cargo run --example util -p native-ossl

use native_ossl::digest::DigestAlg;
use native_ossl::kdf::HkdfBuilder;
use native_ossl::rand::Rand;
use native_ossl::util::SecretBuf;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // ── Fill a secure buffer with random key material ─────────────────────────

    let mut key = SecretBuf::with_len(32);
    Rand::fill(key.as_mut_slice())?;
    println!(
        "Random key ({} bytes): {}",
        key.len(),
        hex::encode(key.as_ref())
    );

    // ── Derive key material directly into a SecretBuf ─────────────────────────

    let sha256 = DigestAlg::fetch(c"SHA2-256", None)?;
    let mut derived = SecretBuf::with_len(32);
    HkdfBuilder::new(&sha256)
        .key(key.as_ref())
        .salt(b"application-specific-salt")
        .info(b"encryption key")
        .derive(derived.as_mut_slice())?;
    println!(
        "Derived key ({} bytes): {}",
        derived.len(),
        hex::encode(derived.as_ref())
    );

    // ── Wrap an existing allocation ───────────────────────────────────────────

    let raw: Vec<u8> = vec![0x42u8; 16];
    let secret = SecretBuf::new(raw);
    // `raw` is consumed — only `secret` owns the bytes now.
    println!(
        "Wrapped allocation ({} bytes): {}",
        secret.len(),
        hex::encode(secret.as_ref())
    );

    // ── Copy from a borrowed slice ────────────────────────────────────────────

    let source = b"password";
    let copy = SecretBuf::from_slice(source);
    assert_eq!(copy.as_ref(), source.as_ref());
    println!("from_slice copy: {:?}", std::str::from_utf8(copy.as_ref())?);

    // When `key`, `derived`, `secret`, and `copy` are dropped here,
    // OPENSSL_cleanse zeroes each allocation before the heap memory is freed.

    Ok(())
}