Struct ShieldedBox

pub struct ShieldedBox<T: ?Sized> { /* private fields */ }

A flex-alloc Box container type which applies additional protections around the allocated memory, and is encrypted when not currently being accessed.

  • The memory is allocated using SecureAlloc and flagged to remain resident in physical memory (using mlock/VirtualLock).
  • When released, the allocated memory is securely zeroed.
  • When not currently being accessed by the methods of the ExposeProtected trait, the allocated memory pages are flagged for protection from other processes using mprotect/VirtualProtect.
  • When not currently being accessed, the allocated memory is encrypted using the ChaCha8 encryption cipher. A large (16Kb) buffer of randomized bytes is used as associated data during the encryption and decryption process.
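The lock, seal and wipe lifecycle from the list above, as an added std-only sketch; it is not this crate's code. It assumes 64-bit Linux with hand-declared libc symbols, uses a hypothetical `GuardedPage` type backed by `mmap` rather than SecureAlloc, and leaves out the ChaCha8 encryption step.

```rust
use std::{ffi::c_void, os::raw::c_int, ptr, slice};
// Hand-declared libc symbols and flag values for 64-bit Linux (assumption).
unsafe extern "C" {
    fn mmap(a: *mut c_void, n: usize, prot: c_int, flags: c_int, fd: c_int, off: i64) -> *mut c_void;
    fn mprotect(a: *mut c_void, n: usize, prot: c_int) -> c_int;
    fn mlock(a: *const c_void, n: usize) -> c_int;
    fn munmap(a: *mut c_void, n: usize) -> c_int;
}
const PAGE: usize = 4096;
const PROT_NONE: c_int = 0;
const PROT_READ: c_int = 1;
const PROT_RW: c_int = 3; // PROT_READ | PROT_WRITE

pub struct GuardedPage { ptr: *mut u8, pub locked: bool } // hypothetical type
impl GuardedPage {
    pub fn new() -> Self {
        let p = unsafe { mmap(ptr::null_mut(), PAGE, PROT_RW, 0x22 /* PRIVATE|ANONYMOUS */, -1, 0) };
        assert!(p as isize != -1, "mmap failed");
        let locked = unsafe { mlock(p, PAGE) } == 0; // can fail under a low RLIMIT_MEMLOCK
        let page = GuardedPage { ptr: p as *mut u8, locked };
        page.protect(PROT_NONE); // sealed until a closure asks for access
        page
    }
    fn protect(&self, prot: c_int) {
        assert_eq!(unsafe { mprotect(self.ptr as *mut c_void, PAGE, prot) }, 0, "mprotect failed");
    }
    pub fn expose_read<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        self.protect(PROT_READ);
        let out = f(unsafe { slice::from_raw_parts(self.ptr, PAGE) });
        self.protect(PROT_NONE); // re-seal as soon as the closure returns
        out
    }
    pub fn expose_write(&mut self, f: impl FnOnce(&mut [u8])) {
        self.protect(PROT_RW);
        f(unsafe { slice::from_raw_parts_mut(self.ptr, PAGE) });
        self.protect(PROT_NONE);
    }
}
impl Drop for GuardedPage {
    fn drop(&mut self) {
        self.protect(PROT_RW);
        for i in 0..PAGE { unsafe { self.ptr.add(i).write_volatile(0) } } // wipe is not elided
        unsafe { munmap(self.ptr as *mut c_void, PAGE) };
    }
}
fn main() {
    let mut page = GuardedPage::new();
    page.expose_write(|b| b[0] = b'k');
    println!("locked={} first={}", page.locked, page.expose_read(|b| b[0]));
}
```

Unlike the crate's `expose_read`, this version returns the closure's result so a caller can copy out a derived value; a panic inside the closure would leave the page unsealed, which a production wrapper has to handle.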

Trait Implementations

impl<T: ?Sized> Debug for ShieldedBox<T>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T: Default> Default for ShieldedBox<T>

fn default() -> Self

Returns the “default value” for a type.

impl<T: ?Sized> Drop for ShieldedBox<T>

fn drop(&mut self)

Executes the destructor for this type.

impl<T: ?Sized> ExposeProtected for ShieldedBox<T>

type Target = T

The type of the referenced value.

fn expose_read<F>(&self, f: F)
where F: FnOnce(SecureRef<&T>),

Expose the protected value for reading.

fn expose_write<F>(&mut self, f: F)
where F: FnOnce(SecureRef<&mut Self::Target>),

Expose the protected value for updating.

fn unprotect(self) -> SecureBox<Self::Target>

Unwrap the protected value.

impl<T: Clone> From<&[T]> for ShieldedBox<[T]>

fn from(data: &[T]) -> Self

Converts to this type from the input type.

impl From<&str> for ShieldedBox<str>

fn from(data: &str) -> Self

Converts to this type from the input type.

impl<T, const N: usize> From<[T; N]> for ShieldedBox<[T]>

fn from(data: [T; N]) -> Self

Converts to this type from the input type.

impl<T: ?Sized> From<Box<T, SecureAlloc>> for ShieldedBox<T>

fn from(boxed: SecureBox<T>) -> Self

Converts to this type from the input type.

impl<T> From<T> for ShieldedBox<T>

fn from(value: T) -> Self

Converts to this type from the input type.

impl<T> From<Vec<T, SecureAlloc>> for ShieldedBox<[T]>

fn from(vec: SecureVec<T>) -> Self

Converts to this type from the input type.

impl<T: Send + ?Sized> Send for ShieldedBox<T>

impl<T: Sync + ?Sized> Sync for ShieldedBox<T>

impl<T: ?Sized> ZeroizeOnDrop for ShieldedBox<T>

Auto Trait Implementations

impl<T> !Freeze for ShieldedBox<T>

impl<T> !RefUnwindSafe for ShieldedBox<T>

impl<T> Unpin for ShieldedBox<T>
where T: ?Sized,

impl<T> UnwindSafe for ShieldedBox<T>
where T: RefUnwindSafe + ?Sized,

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<!> for T

fn from(t: !) -> T

Converts to this type from the input type.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, W> ProtectedInit for W
where W: From<Box<T, SecureAlloc>> + ExposeProtected<Target = T>,

fn init<F>(f: F) -> Self
where F: FnOnce(SecureRef<&mut Self::Target>), Self::Target: Copy + FillBytes,

For a concrete type implementing FillBytes, initialize with the standard indicator value and call the closure f with a mutable reference to the contained value before applying protections.

fn init_default<F>(f: F) -> Self
where F: FnOnce(SecureRef<&mut Self::Target>), Self::Target: Default,

Initialize with the default value for Self::Target, and call the closure f with a mutable reference to the contained value before applying protections.

fn init_random<F>(rng: impl RngCore, f: F) -> Self
where F: FnOnce(SecureRef<&mut Self::Target>), Self::Target: Copy + FillBytes,

Initialize with a randomized value for Self::Target, and call the closure f with a mutable reference to the contained value before applying protections.

fn init_take<F>(from: &mut Self::Target, f: F) -> Self
where F: FnOnce(SecureRef<&mut Self::Target>), Self::Target: DefaultIsZeroes,

Initialize by copying the value contained in from and zeroizing the existing copy. Call the closure f with a mutable reference to the contained value before applying protections.

fn init_with<F>(f: F) -> Self
where F: FnOnce() -> Self::Target, Self::Target: Sized,

Initialize by calling the closure f, store the resulting instance of Self::Target and apply protections.

fn try_init_with<F, E>(f: F) -> Result<Self, E>
where F: FnOnce() -> Result<Self::Target, E>, Self::Target: Sized,

Initialize by calling the fallible closure f, store the resulting instance of Self::Target and apply protections. On failure, return the error type E.

fn random(rng: impl RngCore) -> Self
where Self::Target: Copy + FillBytes,

Create a new protected instance containing a random value.

fn take(from: &mut Self::Target) -> Self
where Self::Target: DefaultIsZeroes,

Create a new protected instance by copying and zeroizing an existing value.

impl<T, W> ProtectedInitSlice for W
where W: From<Box<[T], SecureAlloc>> + ExposeProtected<Target = [T]>,

type Item = T

The type of the elements contained in the slice.

fn init_slice<F>(len: usize, f: F) -> Self
where F: FnOnce(SecureRef<&mut [Self::Item]>), Self::Item: Copy + FillBytes,

For a concrete type implementing FillBytes, initialize a slice of length len with the standard indicator value and call the closure f with a mutable reference to the slice before applying protections.

fn init_default_slice<F>(len: usize, f: F) -> Self
where F: FnOnce(SecureRef<&mut [Self::Item]>), Self::Item: Default,

Initialize with a slice of length len containing the default value for Self::Item, and call the closure f with a mutable reference to the slice before applying protections.

fn init_random_slice<F>(len: usize, rng: impl RngCore, f: F) -> Self
where F: FnOnce(SecureRef<&mut [Self::Item]>), Self::Item: Copy + FillBytes,

Initialize with a randomized slice of length len, and call the closure f with a mutable reference to the slice before applying protections.

fn init_take_slice<F>(from: &mut [Self::Item], f: F) -> Self
where F: FnOnce(SecureRef<&mut [Self::Item]>), Self::Item: DefaultIsZeroes,

Initialize by copying the slice from and zeroizing the existing copy. Call the closure f with a mutable reference to the contained slice before applying protections.

fn random_slice(len: usize, rng: impl RngCore) -> Self
where Self::Item: Copy + FillBytes,

Create a new protected instance containing a random slice of length len.

fn take_slice(from: &mut [Self::Item]) -> Self
where Self::Item: DefaultIsZeroes,

Create a new protected slice instance by copying and zeroizing an existing slice.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.