redoubt-buffer 0.1.0-rc.1

Page-aligned memory buffers with mlock and mprotect support
Documentation

Memory buffers with platform-specific protections and automatic zeroization.

This crate provides buffer implementations that combine automatic zeroization with platform-specific memory protection capabilities.

Buffer Types

PortableBuffer

Cross-platform buffer that works everywhere:

  • Uses standard heap allocation
  • Automatic zeroization on drop
  • No platform-specific protections
  • Available on all platforms

PageBuffer (Unix only)

Platform-specific buffer with memory protection:

  • Uses mmap for allocation
  • Optional mlock to prevent swapping to disk
  • Optional mprotect to make pages read-only when not in use
  • Automatic zeroization on drop
  • Only available on Unix platforms

Protection Strategies

PageBuffer supports two protection strategies:

  • MemProtected: Uses mprotect to make pages read-only by default. Data can only be accessed through closures that temporarily unprotect the page.
  • MemNonProtected: Pages remain readable/writable. Data can be accessed directly through slices.

Example: PortableBuffer

use redoubt_buffer::{Buffer, PortableBuffer, BufferError};

fn example() -> Result<(), BufferError> {
    let mut buffer = PortableBuffer::create(32);

    buffer.open_mut(&mut |slice: &mut [u8]| {
        slice[0] = 42;
        Ok(())
    })?;

    buffer.open(&mut |slice: &[u8]| {
        assert_eq!(slice[0], 42);
        Ok(())
    })?;

    // Buffer is zeroized on drop
    Ok(())
}
# example().unwrap();

Example: PageBuffer with Protection

#[cfg(unix)]
fn example() -> Result<(), redoubt_buffer::BufferError> {
    use redoubt_buffer::{Buffer, PageBuffer, ProtectionStrategy};

    let mut buffer = PageBuffer::new(ProtectionStrategy::MemProtected, 32)?;

    // Page is protected (read-only)
    // Must use closures to access data
    buffer.open_mut(&mut |slice: &mut [u8]| {
        slice[0] = 42;
        Ok(())
    })?;

    buffer.open(&mut |slice: &[u8]| {
        assert_eq!(slice[0], 42);
        Ok(())
    })?;

    // Page is automatically unprotected, zeroized, and freed on drop
    Ok(())
}
# #[cfg(unix)]
# example().unwrap();

License

GPL-3.0-only