ZeroizingMutGuard

redoubt_zero_core

Struct ZeroizingMutGuard 

Source 
pub struct ZeroizingMutGuard<'a, T>
where
    T: FastZeroizable + ZeroizationProbe + ?Sized,
{ /* private fields */ }
Expand description

RAII guard for mutable references that automatically zeroizes on drop.

ZeroizingMutGuard wraps a mutable reference &mut T and ensures that the referenced value is zeroized when the guard is dropped. This is useful for protecting sensitive data during temporary operations (e.g., encryption, decryption, signing).

§Design

  • Wraps &'a mut T (borrows the value mutably)
  • Implements Deref and DerefMut for convenient access
  • Zeroizes *inner on drop via #[fast_zeroize(drop)]
  • Contains ZeroizeOnDropSentinel to verify zeroization happened

§Usage

use redoubt_zero_core::{ZeroizingMutGuard, ZeroizationProbe};

let mut sensitive: u64 = 12345;

{
    // Guard borrows `sensitive` and zeroizes it on drop
    let mut guard = ZeroizingMutGuard::from(&mut sensitive);
    *guard = 67890;
    println!("Value: {}", *guard);
} // guard drops here → sensitive is zeroized

assert!(sensitive.is_zeroized());

§Composition with Temporary Data

ZeroizingMutGuard is useful for wrapping sensitive temporary data:

use redoubt_zero_core::ZeroizingMutGuard;

struct Context<'a> {
    key: ZeroizingMutGuard<'a, [u8; 32]>,
    nonce: ZeroizingMutGuard<'a, [u8; 16]>,
}

impl Drop for Context<'_> {
    fn drop(&mut self) {
        // key and nonce auto-zeroize when guards drop
    }
}

§Panics

The guard panics on drop if the wrapped value’s ZeroizeOnDropSentinel was not marked as zeroized. This ensures zeroization invariants are enforced.

Implementations§

Source§

impl<'a, T> ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source

pub fn from(inner: &'a mut T) -> Self

Creates a new guard wrapping a mutable reference.

The guard takes ownership of the mutable reference and will zeroize the referenced value when dropped.

§Example
use redoubt_zero_core::ZeroizingMutGuard;

let mut value: u32 = 42;

let guard = ZeroizingMutGuard::from(&mut value);
assert_eq!(*guard, 42);

Trait Implementations§

Source§

impl<'a, T> AssertZeroizeOnDrop for ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source§

fn clone_sentinel(&self) -> ZeroizeOnDropSentinel

Clones the internal ZeroizeOnDropSentinel for verification. Read more
Source§

fn assert_zeroize_on_drop(self)

Asserts that zeroization happens when this value is dropped. Read more
Source§

impl<'a, T> Debug for ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'a, T> Deref for ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source§

type Target = T

The resulting type after dereferencing.
Source§

fn deref(&self) -> &Self::Target

Dereferences the value.
Source§

impl<'a, T> DerefMut for ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source§

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.
Source§

impl<'a, T> Drop for ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl<'a, T> FastZeroizable for ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source§

fn fast_zeroize(&mut self)

Zeroizes the value in place. Read more
Source§

impl<'a, T> ZeroizationProbe for ZeroizingMutGuard<'a, T>
where T: FastZeroizable + ZeroizationProbe + ?Sized,

Source§

fn is_zeroized(&self) -> bool

Returns true if the value is zeroized (all bytes are 0). Read more

Auto Trait Implementations§

§

impl<'a, T> Freeze for ZeroizingMutGuard<'a, T>
where T: ?Sized,

§

impl<'a, T> RefUnwindSafe for ZeroizingMutGuard<'a, T>
where T: RefUnwindSafe + ?Sized,

§

impl<'a, T> Send for ZeroizingMutGuard<'a, T>
where T: Send + ?Sized,

§

impl<'a, T> Sync for ZeroizingMutGuard<'a, T>
where T: Sync + ?Sized,

§

impl<'a, T> Unpin for ZeroizingMutGuard<'a, T>
where T: ?Sized,

§

impl<'a, T> !UnwindSafe for ZeroizingMutGuard<'a, T>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<P, T> Receiver for P
where P: Deref<Target = T> + ?Sized, T: ?Sized,

Source§

type Target = T

🔬This is a nightly-only experimental API. (arbitrary_self_types)
The target type on which the method may be called.
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.