Struct safebox::SafeBox

pub struct SafeBox<T: ?Sized>(_);

A safe box for your secrets.

On Drop, the content T is zeroed in RAM with memzero. This covers the heap allocation the SafeBox owns; copies of the secret that existed before it was placed in the box, or that are made through the unsafe accessors below, are not zeroed.

It can only be instantiated with Copy types. This forbids, for example, a SafeBox<Vec<T>>: zeroing the Vec itself would only wipe its pointer, length and capacity, not the heap buffer that holds the data, so such content cannot be zeroed.

&T access is guarded behind the unsafe get_ref method, so the content cannot be involuntarily copied or cloned through a shared reference. Deref is not implemented.

&mut T is likewise guarded behind the unsafe get_mut method, which prevents an involuntary mem::swap or mem::replace of the content. Because DerefMut is not implemented either, the content cannot be moved out. It is perfectly safe to move or swap the SafeBox itself: the content never moves, only the smart pointer does.

Because only Copy types are accepted for the content, it is possible to provide a safe implementation of Clone. It allocates a new SafeBox with a memcopy of the content.

It is implemented as a wrapper around a Box.

Methods

impl<T: Copy> SafeBox<T>[src]

pub fn new(v: T) -> Self[src]

Allocate a new SafeBox from the given value.

Since v is passed by value (copied or moved into new), the caller's copy of it is not zeroed. It is therefore advised to initialize with some harmless placeholder value, then use SafeBox::get_mut to write the secret in place with the least amount of intermediate copies.
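The design described above (zero on drop, unsafe accessors, Copy-only content, memcpy Clone) together with the allocate-then-fill pattern recommended for new, as an added illustrative reimplementation. This is not the safebox crate's own code: it uses a volatile-store loop as a stand-in for memzero, the names ZeroBox, secure_zero, wipe, load_key and key_checksum are hypothetical, and the 32-byte secret is constructed sample data.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `len` bytes at `p` with zero using volatile stores, so the
/// compiler cannot drop the writes as dead just because the memory is about
/// to be freed. Stand-in for the `memzero` the page refers to.
///
/// # Safety
/// `p` must be valid for writes of `len` bytes.
pub unsafe fn secure_zero(p: *mut u8, len: usize) {
    for i in 0..len {
        unsafe { ptr::write_volatile(p.add(i), 0) };
    }
    // Keep the stores ordered before whatever follows (e.g. the free).
    compiler_fence(Ordering::SeqCst);
}

/// Illustrative stand-in for `SafeBox<T>`: a `Box<T>` whose content is
/// zeroed on drop. `T: Copy` means the content owns no heap allocation
/// (`Box`, `Vec`, `String` are not `Copy`), so wiping its bytes is enough.
/// Deliberately no `Deref`/`DerefMut` and no `Debug` derive.
pub struct ZeroBox<T: Copy>(Box<T>);

impl<T: Copy> ZeroBox<T> {
    /// Allocate from `v`. `v` itself lived on the caller's stack first; that
    /// copy is not wiped by this type, hence the placeholder-then-fill pattern.
    pub fn new(v: T) -> Self {
        ZeroBox(Box::new(v))
    }

    /// Shared access. Unsafe as a speed bump: with `&T` in hand the caller
    /// can `*` it into a fresh, unmanaged copy.
    pub unsafe fn get_ref(&self) -> &T {
        &self.0
    }

    /// Mutable access. Same rationale: `mem::swap`/`mem::replace` on `&mut T`
    /// would move the secret into memory nobody zeroes.
    pub unsafe fn get_mut(&mut self) -> &mut T {
        &mut self.0
    }

    /// Zero the content in place. `Drop` calls this; it is public here only so
    /// the behaviour can be checked without reading freed memory. Caveat: after
    /// `wipe` the bytes are all zero, which is a valid `T` for integers and
    /// arrays but not for types such as `NonZeroU32`; `Drop` never reads it.
    pub fn wipe(&mut self) {
        let p: *mut T = &mut *self.0;
        // SAFETY: the Box owns `size_of::<T>()` writable bytes at `p`.
        unsafe { secure_zero(p as *mut u8, std::mem::size_of::<T>()) };
    }
}

impl<T: Copy> Drop for ZeroBox<T> {
    fn drop(&mut self) {
        self.wipe();
        // The Box is freed after this, with its bytes already zeroed.
    }
}

/// Clone is safe because `T: Copy`: a fresh allocation receives a memcpy of
/// the content, and each box is wiped independently on drop.
impl<T: Copy> Clone for ZeroBox<T> {
    fn clone(&self) -> Self {
        ZeroBox(Box::new(*self.0))
    }
}

/// Recommended pattern: allocate with a harmless placeholder, then write the
/// secret through `get_mut` straight from its source, so the only copy
/// outside the box is the transient one the source itself holds.
pub fn load_key(source: &[u8]) -> ZeroBox<[u8; 32]> {
    assert!(source.len() >= 32, "need at least 32 bytes of key material");
    let mut key = ZeroBox::new([0u8; 32]);
    // SAFETY: exclusive access; nothing is moved out of the reference.
    unsafe { key.get_mut().copy_from_slice(&source[..32]) };
    key
}

/// Use the secret without copying it out: XOR-fold the bytes into a tag.
pub fn key_checksum(key: &ZeroBox<[u8; 32]>) -> u8 {
    // SAFETY: read-only through the reference; no copy of the array escapes.
    unsafe { key.get_ref().iter().fold(0u8, |acc, b| acc ^ b) }
}

fn main() {
    // Constructed sample secret (not a real key): bytes 1..=32.
    let material: Vec<u8> = (1u8..=32).collect();
    let key = load_key(&material);
    let copy = key.clone();
    println!("checksum {} / {}", key_checksum(&key), key_checksum(&copy));
    // Both boxes are wiped here as they go out of scope.
}
```

The public wipe method exists only to make the zeroing observable; in the real crate the wipe happens solely in Drop, which is the only place where leaving an all-zero bit pattern behind is always harmless. Note also that load_key's argument still holds its own copy of the material; that buffer belongs to the caller and is the kind of intermediate copy the documentation above warns about.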

impl<T: Copy> SafeBox<[T]>[src]

pub fn new_slice(v: T, len: usize) -> Self[src]

Allocate a new SafeBox<[T]>.

The value v is copied into all len elements.

impl<T> SafeBox<[T]>[src]

pub fn new_slice_with<F: Fn() -> T>(len: usize, f: F) -> Self[src]

Allocate a new SafeBox<[T]>.

The function f is called to initialize the len elements.

```rust
use safebox::SafeBox;
use rand::prelude::*;

// Eight random bytes, each produced by a separate call to `random::<u8>`.
let random_secret = SafeBox::new_slice_with(8, &random::<u8>);
```

impl<T: ?Sized> SafeBox<T>[src]

pub unsafe fn get_ref(&self) -> &T[src]

A &T reference to the content.

This is unsafe because the returned reference allows the content to be copied around in memory (for a Copy type, a plain dereference yields a fresh copy that is never zeroed). Of course, a secret must be read at some point to be useful, but you bear all responsibility for any copies you make.

pub unsafe fn get_mut(&mut self) -> &mut T[src]

A &mut T reference to the content.

This is unsafe because the returned reference allows the content to be copied around in memory, or moved out entirely via mem::swap or mem::replace. Of course, a secret must be initialized at some point to be useful, but you bear all responsibility for any copies you make.

Trait Implementations

impl<T: ?Sized> Drop for SafeBox<T>[src]

impl<T: Copy> Clone for SafeBox<T>[src]

fn clone(&self) -> Self[src]

Clone a SafeBox<T> via memcopy.

impl<T: Copy> Clone for SafeBox<[T]>[src]

fn clone(&self) -> Self[src]

Clone a SafeBox<[T]> via memcopy.

impl<T: Default + Copy> Default for SafeBox<T>[src]

fn default() -> Self[src]

Allocate a new SafeBox with the default value.

See SafeBox::new.

Auto Trait Implementations

impl<T: ?Sized> Send for SafeBox<T> where
    T: Send

impl<T: ?Sized> Sync for SafeBox<T> where
    T: Sync

impl<T: ?Sized> Unpin for SafeBox<T>

impl<T: ?Sized> UnwindSafe for SafeBox<T> where
    T: UnwindSafe

impl<T: ?Sized> RefUnwindSafe for SafeBox<T> where
    T: RefUnwindSafe

Blanket Implementations

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> From<T> for T[src]

impl<T> ToOwned for T where
    T: Clone
[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> Any for T where
    T: 'static + ?Sized
[src]