Skip to main content

SecureBuffer

hardware_enclave::memory

Struct SecureBuffer 

Source 
pub struct SecureBuffer { /* private fields */ }
Expand description

A page-guarded, mlock’d buffer for secret material.

Layout: [guard page (PROT_NONE)] [inner region, mlock’d] [guard page (PROT_NONE)]

Guard pages are filled with random canary bytes. On drop, canaries are verified (detects overflow), inner region is zeroized, and all pages are unmapped.

Implementations§

Source§

impl SecureBuffer

Source

pub fn new(size: usize) -> Result<Self>

Allocate a new mutable, mlock’d, guard-paged buffer.

Source

pub fn size(&self) -> usize

Source

pub fn is_alive(&self) -> bool

Source

pub fn is_mutable(&self) -> bool

Source

pub fn bytes(&mut self) -> &mut [u8]

Get a mutable slice to the inner region. Requires Mutable state.

Source

pub fn as_slice(&self) -> &[u8]

Get a read-only slice. Requires non-Dead state.

Source

pub fn freeze(&mut self) -> Result<()>

Make the buffer read-only.

Source

pub fn melt(&mut self) -> Result<()>

Make the buffer writable again.

Source

pub fn destroy(&mut self) -> Result<()>

Verify guard-page canaries, zeroize, unlock, and free the allocation.

Idempotent — returns Ok(()) immediately if already Dead.

Source

pub fn scramble(&mut self) -> Result<()>

Fill with random bytes (stays mutable).

Trait Implementations§

Source§

impl Debug for SecureBuffer

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Drop for SecureBuffer

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

fn pin_drop(self: Pin<&mut Self>)

🔬This is a nightly-only experimental API. (pin_ergonomics)
Execute the destructor for this type, but different to Drop::drop, it requires self to be pinned. Read more
Source§

impl Send for SecureBuffer

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more