Struct secrets::Secret

pub struct Secret<T> { /* fields omitted */ }

A type that wraps allocated memory suitable for cryptographic secrets.

When initialized with existing data, the memory of the existing data is zeroed out. That said, this library cannot guarantee that that memory has not been copied elsewhere, swapped to disk, or otherwise handled insecurely so rely on this with caution.

Examples

Generating cryptographic keys:

use secrets::Secret;

let secret   = Secret::<[u8; 32]>::random();
let secret_r = secret.borrow();

println!("{:?}", secret_r);

Secrets from existing mutable data:

use secrets::Secret;

// static data for the test; static data *can't* be wiped, but
// copies of it will be
let reference : &'static [u8; 4] = b"\xfa\x12\x00\xd9";
let zeroes    : &'static [u8; 4] = b"\x00\x00\x00\x00";

let mut bytes    = *reference;
let     secret   = Secret::from(&mut bytes);
let     secret_r = secret.borrow();

assert_eq!(*reference, *secret_r);
assert_eq!(*zeroes,    bytes);

Accessing array contents through pointers:

use secrets::Secret;
use std::ptr;

let mut secret   = unsafe { Secret::<[u8; 4]>::uninitialized() };
let mut secret_w = secret.borrow_mut();

unsafe {
    ptr::write_bytes(
        secret_w.as_mut_ptr(),
        0xd0,
        secret_w.len(),
    );
}

assert_eq!(*b"\xd0\xd0\xd0\xd0", *secret_w);

Wrapping custom struct types:

use secrets::{Secret, Zeroable};

#[derive(Debug)]
#[derive(PartialEq)]
struct SensitiveData { a: u64, b: u8 };

impl Zeroable for SensitiveData {};
impl Default  for SensitiveData {
    fn default() -> Self { SensitiveData { a: 100, b: 255 } }
}

let zeroed  = Secret::<SensitiveData>::zero();
let default = Secret::<SensitiveData>::default();

assert_eq!(SensitiveData { a: 0, b: 0 }, *zeroed .borrow());
assert_eq!(SensitiveData::default(),     *default.borrow());

Methods

impl<T> Secret<T> where
    T: Randomizable, 

fn random() -> Self

Creates a new Secret capable of storing an object of type T and initialized with a cryptographically random value.

impl<T> Secret<T> where
    T: Zeroable, 

fn zero() -> Self

Creates a new Secret capable of storing an object of type T and initialized to all zeroes.

impl<T> Secret<T>

unsafe fn uninitialized() -> Self

Creates a new Secret capable of storing an object of type T.

By default, the allocated region is filled with 0xd0 bytes in order to help catch bugs due to uninitialized data. This method is marked as unsafe because filling an arbitrary type with garbage data is undefined behavior.

unsafe fn new<F>(init: F) -> Self where
    F: FnOnce(&mut T), 

Creates and initializes a new Secret capable of storing an object of type T.

Initialization is handled by a closure passed to method, which accepts a reference to the object to be initialized. The data in this reference will be uninitialized until written to, so care must be taken to initialize its memory without reading from it to avoid undefined behavior.

fn size(&self) -> usize

Returns the size in bytes of the data contained in the Secret

fn borrow(&self) -> Ref<T>

Returns a Ref<T> from which elements in the Secret can be safely read from.

fn borrow_mut(&mut self) -> RefMut<T>

Returns a Ref<T> from which elements in the Secret can be safely read from or written to.

Trait Implementations

impl<T: Debug> Debug for Secret<T>

fn fmt(&self, __arg_0: &mut Formatter) -> Result

Formats the value using the given formatter.

impl<T> PartialEq for Secret<T>

fn eq(&self, s: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl<T> Eq for Secret<T>

impl<'a, T> From<&'a mut T> for Secret<T> where
    T: Zeroable, 

fn from(data: &mut T) -> Self

Moves the contents of data into a Secret and zeroes out the contents of data.

impl<T> Default for Secret<T> where
    T: Default, 

fn default() -> Self

Creates a new Secret with the default value for T.