ZeroizingGuard

Struct ZeroizingGuard 

pub struct ZeroizingGuard<T> { /* private fields */ }

RAII guard for owned values that automatically zeroizes on drop.

ZeroizingGuard wraps an owned value T in a Box and ensures that it is zeroized when the guard is dropped. This is useful for returning sensitive data from functions while guaranteeing automatic cleanup.

§Design

  • Wraps Box<T> (owns the value on the heap, avoiding stack copies)
  • Takes &mut T in constructor and swaps with T::default(), zeroizing the source
  • Implements Deref and DerefMut for convenient access
  • Zeroizes inner on drop
  • Contains ZeroizeOnDropSentinel to verify zeroization happened

§Usage

use redoubt_zero_core::{ZeroizingGuard, ZeroizationProbe, FastZeroizable};

fn create_sensitive_data() -> ZeroizingGuard<u64> {
    let mut value = 12345u64;
    ZeroizingGuard::from_mut(&mut value)
}

{
    let guard = create_sensitive_data();
    assert_eq!(*guard, 12345);
} // guard drops here → value is zeroized

§Panics

The guard panics on drop if the wrapped value’s ZeroizeOnDropSentinel was not marked as zeroized. This ensures zeroization invariants are enforced.
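
The pattern from the Design section, as an added std-only sketch that is not redoubt_zero_core's implementation: Wipe, Guard and sentinel() are hypothetical names, and a shared flag stands in for ZeroizeOnDropSentinel. It shows the swap into a pre-allocated Box, the wipe of the source, and a drop-time wipe whose outcome can still be checked after the guard is gone.

```rust
use std::sync::{atomic::{compiler_fence, AtomicBool, Ordering}, Arc};
use std::{mem, ops::Deref, ptr};

trait Wipe: Default { // hypothetical stand-in for the crate's zeroization traits
    fn wipe(&mut self);
    fn is_wiped(&self) -> bool;
}

impl Wipe for [u8; 32] {
    fn wipe(&mut self) {
        // Volatile stores, so the writes are not elided as dead.
        for b in self.iter_mut() { unsafe { ptr::write_volatile(b, 0) } }
        compiler_fence(Ordering::SeqCst);
    }
    fn is_wiped(&self) -> bool { self.iter().all(|&b| b == 0) }
}

// Sketch of the guard: heap-owned value plus a shared "was wiped" flag.
struct Guard<T: Wipe> { inner: Box<T>, wiped: Arc<AtomicBool> }

impl<T: Wipe> Guard<T> {
    fn from_mut(src: &mut T) -> Self {
        let mut inner = Box::new(T::default()); // allocate first
        mem::swap(&mut *inner, src); // secret to heap, default to source
        src.wipe(); // wipe the source explicitly as well
        Guard { inner, wiped: Arc::new(AtomicBool::new(false)) }
    }
    fn sentinel(&self) -> Arc<AtomicBool> { Arc::clone(&self.wiped) }
}

impl<T: Wipe> Deref for Guard<T> {
    type Target = T;
    fn deref(&self) -> &T { &self.inner }
}

impl<T: Wipe> Drop for Guard<T> {
    fn drop(&mut self) {
        self.inner.wipe();
        self.wiped.store(self.inner.is_wiped(), Ordering::SeqCst);
    }
}

fn main() {
    let mut key = [0xABu8; 32]; // constructed sample secret
    let guard = Guard::from_mut(&mut key);
    let flag = guard.sentinel();
    assert!(key.is_wiped() && *guard == [0xABu8; 32]);
    drop(guard);
    assert!(flag.load(Ordering::SeqCst));
}
```

A wrapper built this way protects only the value it owns: copying a Copy type out through Deref (for example, let copy = *guard;) leaves a copy that the guard never wipes.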

Implementations§

impl<T> ZeroizingGuard<T>

pub fn from_mut(value: &mut T) -> Self

Creates a new guard by swapping the value from the source and zeroizing it.

The source location is swapped with T::default() and then zeroized, ensuring no copies of the sensitive data remain on the stack. The value is stored in a Box on the heap.

§Example

use redoubt_zero_core::{ZeroizingGuard, ZeroizationProbe};

let mut value = 42u32;
let guard = ZeroizingGuard::from_mut(&mut value);
assert_eq!(*guard, 42);
assert!(value.is_zeroized()); // source is zeroized

pub fn from_default() -> Self

Creates a new guard with the default value of T.

This is a convenience method equivalent to:

let mut value = T::default();
ZeroizingGuard::from_mut(&mut value)

§Example

use redoubt_zero_core::{ZeroizingGuard, ZeroizationProbe};

let guard: ZeroizingGuard<u64> = ZeroizingGuard::from_default();
assert!(guard.is_zeroized());

Trait Implementations§

impl<T> AssertZeroizeOnDrop for ZeroizingGuard<T>

fn clone_sentinel(&self) -> ZeroizeOnDropSentinel

Clones the internal ZeroizeOnDropSentinel for verification.

fn assert_zeroize_on_drop(self)

Asserts that zeroization happens when this value is dropped.

impl<T> Debug for ZeroizingGuard<T>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T> Deref for ZeroizingGuard<T>

type Target = T

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl<T> DerefMut for ZeroizingGuard<T>

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.

impl<T> Drop for ZeroizingGuard<T>

fn drop(&mut self)

Executes the destructor for this type.

impl<T> FastZeroizable for ZeroizingGuard<T>

fn fast_zeroize(&mut self)

Zeroizes the value in place.

impl<T> ZeroizationProbe for ZeroizingGuard<T>

fn is_zeroized(&self) -> bool

Returns true if the value is zeroized (all bytes are 0).

Auto Trait Implementations§

impl<T> Freeze for ZeroizingGuard<T>

impl<T> RefUnwindSafe for ZeroizingGuard<T>
where T: RefUnwindSafe,

impl<T> Send for ZeroizingGuard<T>
where T: Send,

impl<T> Sync for ZeroizingGuard<T>
where T: Sync,

impl<T> Unpin for ZeroizingGuard<T>

impl<T> UnwindSafe for ZeroizingGuard<T>
where T: UnwindSafe,

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<P, T> Receiver for P
where P: Deref<Target = T> + ?Sized, T: ?Sized,

type Target = T

🔬 This is a nightly-only experimental API. (arbitrary_self_types)
The target type on which the method may be called.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.