1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
use crateControlled;
use Cow;
/// Trait for types that can be converted to a `ProtectedRef`.
/// Conceptually similar to the `AsRef` trait in `std` but for `Protected` types.
/// This prevents the inner value from being accessed directly.
/// The trait is sealed so it cannot be implemented outside of this crate.
///
/// # Implementing `AsProtectedRef`
///
/// Implementing `AsProtectedRef` for a type allows it to be used in functions that take a `ProtectedRef`.
/// Note, that such implementations must be defined on inner types that already implement `AsProtectedRef`
/// because `ProtectedRef` cannot be constructed from the inner type directly.
///
/// ```
/// # mod vitaminc { pub mod protected { pub use vitaminc_protected::*; } }
/// use vitaminc::protected::{AsProtectedRef, Protected, ProtectedRef};
///
/// pub struct SensitiveData(Protected<Vec<u8>>);
///
/// impl AsProtectedRef<'_, Vec<u8>> for SensitiveData {
/// fn as_protected_ref(&self) -> ProtectedRef<Vec<u8>> {
/// self.0.as_protected_ref()
/// }
/// }
///
/// let data = SensitiveData(Protected::new(Vec::new()));
/// let pref: ProtectedRef<Vec<u8>> = data.as_protected_ref();
/// ```
///
// TODO: This is only really needed for compatability (so that types not using this API don't have to be moved).
// It might make sense to put this behind a feature flag.
/// String references cannot be zeroized, so we can't implement `Zeroize` for `Protected<&str>`.
/// Instead, we implement `AsProtectedRef` to allow the use of string references in functions that take them.
/// A wrapper around a reference to prevent inner access.
/// Conceptually similar to `&T` but prevents direct access to the inner value outside of this crate.
where
T: ?Sized;